[pmwiki-users] [pmwiki-devel] Announce: pmwiki-social
Patrick R. Michaud
pmichaud at pobox.com
Wed May 2 00:48:33 CDT 2007
On Wed, May 02, 2007 at 07:39:06AM +0200, christian.ridderstrom at gmail.com wrote:
> On Tue, 1 May 2007, Patrick R. Michaud wrote:
>
> >On Tue, May 01, 2007 at 09:59:45PM +0200, christian.ridderstrom at gmail.com
> >wrote:
> >>
> >>PS. Regarding security issues (as with Zap for instance), would it make
> >>sense to have a list for those kinds of announcements?
> >
> >We have pmwiki-announce for that.
>
> That's a public list, isn't it? So the vulnerability is publicly
> announced - I thought some people would object to this?
In general it's considered good etiquette to contact a package's
maintainers privately about potential vulnerabilities before
making a public announcement. This is intended to give the
maintainers an opportunity to determine if the vulnerability
actually exists in fact, evaluate the potential ramifications,
and to come up with mitigation strategies before it's widely
known among people who might exploit it.
> Hmm.. what about this problem with Zap (or recipes in general)
> - is that something to announce?
It's already been announced on pmwiki-users -- I'm leaving
it to others to decide if a message should also go to
pmwiki-announce.
Anytime someone wants to make an announcement, security-related
or otherwise, it can be posted to <pmwiki-announce at pmichaud.com>.
That's a moderated list, but I'll generally approve the post
unless it's really off-topic for that list.
Pm
More information about the pmwiki-users
mailing list