At 12:31 AM +0100 2005-02-10, Kai Schaetzl wrote:
Either way, something like this should have been left to the project developers (i.e. barry) to disclose.
Correct. But it's out and it's not Ron to blame, so I don't see a reason for slapping Ron for posting it finally to the list.
There are two sides to this matter. You are correct, that the public posting has been made, and the blackhats presumably already know about it. They're more likely to be monitoring the full-disclosure list than this one, anyway.
However, I also take Chuq's point that all security announcements to this list, and all related mailman mailing lists hosted on python.org, should be made by Barry or one of the other core developers. Even if the information has been publicly released elsewhere, it is not appropriate to post it here unless you are one of those people.
-- Brad Knowles, <[EMAIL PROTECTED]>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info. ------------------------------------------------------ Mailman-Users mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
