At 2:09 PM +0100 2005-02-14, Florian Weimer wrote:
The underlying assumption seems to be that Mailman security bugs can only be disclosed by posting them on the Mailman lists.
In response to this issue, FAQ 1.27 has been updated, and the mailman-users and mailman-developers mailing lists have likewise been modified to include suitable text at the bottom of every message, as well as on the "listinfo" page, and in the "welcome" message that is sent to all new subscribers.
This matter is now closed.
-- Brad Knowles <[EMAIL PROTECTED]> Python.org Postmaster Team _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
As a general rule, if you have questions regarding sensitive security issues, you can post them to [EMAIL PROTECTED], which is a closed distribution list.
Please do not otherwise discuss sensitive security issues on any public mailing list, until such time as an official announcement has been made, including availability of a patch, etc....
Even if the issue has been publicly discussed in other forums, you should wait for the official announcements before discussing them publicly, whether on mailman-users, mailman-developers, or elsewhere.
