On Thu, Oct 20, 2011 at 1:54 PM, Daniel Brown <danbr...@php.net> wrote:

> On Thu, Oct 20, 2011 at 08:02, Jon Watson <jon.wat...@teamspace.ca> wrote:
> > Hi All,
> >
> > I subscribed to this list thinking that this is where I would get
> security
> > update notices, but this appears to be more of a general list. I've
> looked
> > at all the lists available on PHP.net and I don't see one specifically
> about
> > security.
>     Well, hence the "General" in PHP General.  So I guess we're doing
> something right here.

Absolutely. I was not complaining at all.

> > Can someone tell me which list I should sub to in order to ensure that I
> am
> > advised of security updates?
>     There is no public PHP security mailing list.  Instead, we post
> things right in the open on the website itself, right on the homepage:
>        http://php.net/

OK, thank you. That's not workable for me as I have far too much to keep
track of. I need stuff delivered to me so I'll follow up on some of the
other lists that you and Matthew mention.

>    There are third-party sites that send out security alerts for
> software such as PHP, and you can likely find them easily enough via
> Google.  Off the top of my head, none are coming to mind by name, but
> I have subscribed to their mailings myself over the years, and found
> them to be a pretty reliable resource --- some "underground" public
> groups are particularly useful for zero-day vulnerabilities.
> --
> </Daniel P. Brown>
> Network Infrastructure Manager
> http://www.php.net/

Reply via email to