TWiki hole

Posted Nov 18, 2004 18:07 UTC (Thu) by JoeBuck (subscriber, #2330)
In reply to: TWiki hole by colas
Parent article: freedesktop.org site compromised

Forget about any mechanism where you tell only registered TWiki users about bugs. The TWiki attempts to pressure people to register are wrong-headed, and there's nothing to stop black hats from subscribing to any mailing list you set up.

Don't hide bugs. Certainly it can be wise to let the good guys have a head start, for example by alerting any distros that package TWiki in advance. But once you know that people are actively exploiting a security hole, it's your obligation to alert the general public.


TWiki hole

Posted Nov 24, 2004 9:47 UTC (Wed) by Cato (subscriber, #7643)

I agree about the low-volume security alert list - not yet in place, but as one of the developers I will help to make sure this happens. Separately, we removed the requirement to register for TWiki downloads (http://twiki.org/download.html) a while back - in retrospect we should have created the announcement list then.

There is some discussion of the proposed TWiki security alert process (http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlertPro...) at TWiki.org, please feel free to join in there.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.