TWiki hole

Posted Nov 18, 2004 14:11 UTC (Thu) by hmh (subscriber, #3838)
In reply to: TWiki hole by colas
Parent article: freedesktop.org site compromised

[1] You do not have it yet? An announcement mailing list (moderated), where you send at most 1-2 emails/month and all security notices, is really a must for any serious project.

[2] You should at the very least notify people through BugTraq, or a bunch of vendor security teams (make sure some Linux distributions are among them, please) which will get word to everyone else.

[3] This would be nice, but you better use proper cryptography to authenticate the updates...

So my reply is all of the above, and that there is no excuse for [1] not being deployed yet.

TWiki hole

Posted Nov 24, 2004 21:58 UTC (Wed) by maphew (guest, #1147)

> [2] You should at the very least notify people through BugTraq,

A notice was sent through BugTraq on Nov 12th. http://seclists.org/lists/bugtraq/2004/Nov/0187.html

TWiki hole

Posted Nov 24, 2004 22:42 UTC (Wed) by hmh (subscriber, #3838)

Then the TWiki users can't really complain that there was no notification of the issue, or that it was hidden away inside a Wiki. Maybe it could have been done better, but that's something else.