[PHP] Where Are Security Updates Announced?
Hi All, I subscribed to this list thinking that this is where I would get security update notices, but this appears to be more of a general list. I've looked at all the lists available on PHP.net and I don't see one specifically about security. Can someone tell me which list I should sub to in order to ensure that I am advised of security updates? Thanks
Re: [PHP] Where Are Security Updates Announced?
On Thu, Oct 20, 2011 at 08:02, Jon Watson jon.wat...@teamspace.ca wrote: Hi All, I subscribed to this list thinking that this is where I would get security update notices, but this appears to be more of a general list. I've looked at all the lists available on PHP.net and I don't see one specifically about security. Well, hence the General in PHP General. So I guess we're doing something right here. Can someone tell me which list I should sub to in order to ensure that I am advised of security updates? There is no public PHP security mailing list. Instead, we post things right in the open on the website itself, right on the homepage: http://php.net/ There are third-party sites that send out security alerts for software such as PHP, and you can likely find them easily enough via Google. Off the top of my head, none are coming to mind by name, but I have subscribed to their mailings myself over the years, and found them to be a pretty reliable resource --- some underground public groups are particularly useful for zero-day vulnerabilities. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where Are Security Updates Announced?
On 2011/10/20, at 12:54, Daniel Brown wrote: There are third-party sites that send out security alerts for software such as PHP, and you can likely find them easily enough via Google. Off the top of my head, none are coming to mind by name, but I have subscribed to their mailings myself over the years, and found them to be a pretty reliable resource --- some underground public groups are particularly useful for zero-day vulnerabilities. I've been on Bugtraq for years, and have found it to be very useful (if a bit noisy). It's heavily moderated, but there's still so much software out there that it can get a few dozen emails a day. http://www.securityfocus.com/ about halfway down the page fill in your email address, and then check off the Bugtraq list in the bottom half. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Where Are Security Updates Announced?
Hi, On Thu, Oct 20, 2011 at 1:54 PM, Daniel Brown danbr...@php.net wrote: On Thu, Oct 20, 2011 at 08:02, Jon Watson jon.wat...@teamspace.ca wrote: Hi All, I subscribed to this list thinking that this is where I would get security update notices, but this appears to be more of a general list. I've looked at all the lists available on PHP.net and I don't see one specifically about security. Well, hence the General in PHP General. So I guess we're doing something right here. Absolutely. I was not complaining at all. Can someone tell me which list I should sub to in order to ensure that I am advised of security updates? There is no public PHP security mailing list. Instead, we post things right in the open on the website itself, right on the homepage: http://php.net/ OK, thank you. That's not workable for me as I have far too much to keep track of. I need stuff delivered to me so I'll follow up on some of the other lists that you and Matthew mention. There are third-party sites that send out security alerts for software such as PHP, and you can likely find them easily enough via Google. Off the top of my head, none are coming to mind by name, but I have subscribed to their mailings myself over the years, and found them to be a pretty reliable resource --- some underground public groups are particularly useful for zero-day vulnerabilities. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/