>>>>> "Geoffrey" == Geoffrey Young <[EMAIL PROTECTED]> writes:

Geoffrey> this sensationalism was just flat-out irresponsible.  I don't doubt
Geoffrey> that it's true, but not giving us dev folks time to address the
Geoffrey> issue with a security release is going to cause more headaches than
Geoffrey> it otherwise would have.

Geoffrey> in the future, if anyone has a security issue with any apache
Geoffrey> product, the proper path to follow is to send a brief email to
Geoffrey> [EMAIL PROTECTED]  those guys will make sure it gets routed to
Geoffrey> the appropriate place (the mod_perl pmc and core development team in
Geoffrey> this case) and we'll work with you to get it clarified and resolved.

I get around.  I read various mailing lists.   I'm not a dumb guy about
Perl stuff.  And by the way, I've already been yelled at. :)

But this thing about "[EMAIL PROTECTED]" is something that I wouldn't have
thought to look for.  And even if I had thought to look for it, what web site
describes it?  A quick google for "security mod_perl" doesn't point it out in
the first ten hits or so, and searching literally for it links it far more
with the Apache server itself, not mod_perl, and mostly historical links.

So please don't tell me that I should have known about a secret mailing list.
That's being a bit presumptive.  I thought I *was* notifying the most
appropriate list (the mod_perl developers).  Perhaps your job for the *next*
breakage is to make sure your secret mailing list is a bit more public, if you
want security reports to go there instead of here.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
