[pmwiki-users] suggestion for security notifications

Neil Herber nospam at eton.ca
Tue Sep 5 08:26:17 CDT 2006


At 2006-09-05  03:11 PM +0200, Dominique Faure is rumored to have said:
>>So please, if you have found a vulnerability of any type, send a
>>*private* email to Patrick first and discuss it with him.
>>
>>No sense in giving the bad guys a head start.
>
>According to original discoverer site [1] and PmWiki change log[2]
>this is a quite old vulnerability, which has already been taken in
>account.

I was not commenting on any particular vulnerability. I was 
suggesting that rather than posting vulnerabilities directly to this 
list, send them to Patrick so that he can assess them first.

If the vulnerability has not been addressed, a public posting just 
gives crackers notice

If the vulnerability has been addressed, but the posting makes it 
sound new, it just makes PmWiki look less secure than it really is.


Neil Herber
Corporate info at http://www.eton.ca/ 





More information about the pmwiki-users mailing list