TWiki hole

Posted Nov 18, 2004 18:07 UTC (Thu) by JoeBuck (subscriber, #2330)
In reply to: TWiki hole by colas
Parent article: freedesktop.org site compromised

Forget about any mechanism where you tell only registered TWiki users about bugs. The TWiki attempts to pressure people to register are wrong-headed, and there's nothing to stop black hats from subscribing to any mailing list you set up.

Don't hide bugs. Certainly it can be wise to let the good guys have a head start, for example by alerting any distros that package TWiki in advance. But once you know that people are actively exploiting a security hole, it's your obligation to alert the general public.



TWiki hole

Posted Nov 24, 2004 9:47 UTC (Wed) by Cato (subscriber, #7643)

I agree about the low-volume security alert list - not yet in place, but as one of the developers I will help to make sure this happens. Separately, we removed the requirement to register for TWiki downloads (http://twiki.org/download.html) a while back - in retrospect we should have created the announcement list then.

There is some discussion of the proposed TWiki security alert process (http://twiki.org/cgi-bin/view/Codev/TWikiSecurityAlertPro...) at TWiki.org, please feel free to join in there.
