we were going to set up [EMAIL PROTECTED] at one point with a closed list of recieptients.. mainly core devs and a few QA People who can check out if it is a security problem or not.
Dont think this ever happen. Perhaps it would be an idea though - James ----- Original Message ----- From: "Rasmus Lerdorf" <[EMAIL PROTECTED]> To: "Jani Taskinen" <[EMAIL PROTECTED]> Cc: "Flavio Veloso" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, October 06, 2001 2:21 AM Subject: [PHP-DEV] Re: Security e-mail address > Oh Jani, relax. He wanted somewhere non-public. php-dev is archived > everywhere as is [EMAIL PROTECTED] group@ is the only non-archived > address. If there is a real problem we will most definitely forward it to > php-dev, but if someone asks for a private contact address I give the only > one we have. Most of these are false alarms anyway. > > -Rasmus > > On Sat, 6 Oct 2001, Jani Taskinen wrote: > > > > > What's wrong with php-dev? IIRC the [EMAIL PROTECTED] handles > > only administration of the site and stuff.. > > There can't be anything that fatal that all the people > > subscribed to php-dev shouldn't see. Or has PHP suddenly > > changed into closed-source? > > > > --Jani > > > > > > > > On Fri, 5 Oct 2001, Rasmus Lerdorf wrote: > > > > >use [EMAIL PROTECTED] please > > > > > >On Fri, 5 Oct 2001, Flavio Veloso wrote: > > > > > >> Hi Webmaster. > > >> > > >> Is there any mail address that can be used to discuss security issues > > >> related to PHP? > > >> > > >> We know that we could use your bug tracking system to report problems, > > >> but it doesn't seem appropriate to disclose a security bug before PHP > > >> developers have a chance to look at it. > > >> > > >> We are a Linux and network security research company that lives in > > >> Brazil. Maybe we have discovered a problem which has some security > > >> implications. We are not completely sure if it's a bug in PHP (and how > > >> to solve it, even if it isn't), and would like to share it with the > > >> PHP people privately. > > >> > > >> BTW, sorry to bother you with this, but your mail address was the only > > >> one I could find on the www.php.net website. > > >> > > >> > > > > > > > > -- > PHP Development Mailing List <http://www.php.net/> > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > To contact the list administrators, e-mail: [EMAIL PROTECTED] > -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
