On 8/24/07, Jordan Wiens <[EMAIL PROTECTED]> wrote:
> On Aug 23, 2007, at 7:14 PM, Jason Fesler wrote:
>
> >> mind that we are 0.1-rc1 and be gentle! ;))
> >
> > IMO: Be .. *polite*. But, real problems if identified need a fixin.
> > The fact that RC is a 0.1 and not a 1.0 means this is a great time
> > to have it come up, before there is too much of an install base for
> > RC.
> >
> > Being that there's always two sides to the argument on disclosure,
> > I just want to say thank you Jordan, for giving a chance to do
> > things politely. :-)
>
> Glad to be of service! I'm a big believer and user of open-source,
> so this only makes sense to me. I figure everybody wins -- you guys
> get a fairly decent security audit (though certainly not
> comprehensive -- being that I'm really focusing on testing the
> products and not RC itself) and I've got a great test application to
> throw scanners against and watch how they handle (or don't as is
> mostly the case so far) AJAX apps.
>
> I've got decent ideas on how to fix most of the vulns already, so
> hopefully I won't make much extra work for you guys, but we can still
> really tighten the security.
>
> BTW -- I use RoundCube myself as a backup mail client, so I've got a
> vested interest as well. ;-)

Ok, we are all ears.

Thanks again,
Till
_______________________________________________
List info: http://lists.roundcube.net/dev/
