[pmwiki-users] suggestion for security notifications
Neil Herber
nospam at eton.ca
Tue Sep 5 08:26:17 CDT 2006
At 2006-09-05 03:11 PM +0200, Dominique Faure is rumored to have said:
>>So please, if you have found a vulnerability of any type, send a
>>*private* email to Patrick first and discuss it with him.
>>
>>No sense in giving the bad guys a head start.
>
>According to original discoverer site [1] and PmWiki change log[2]
>this is a quite old vulnerability, which has already been taken in
>account.
I was not commenting on any particular vulnerability. I was
suggesting that rather than posting vulnerabilities directly to this
list, send them to Patrick so that he can assess them first.
If the vulnerability has not been addressed, a public posting just
gives crackers notice
If the vulnerability has been addressed, but the posting makes it
sound new, it just makes PmWiki look less secure than it really is.
Neil Herber
Corporate info at http://www.eton.ca/
More information about the pmwiki-users
mailing list