Brian Lloyd wrote:
I did check with a fresh 2.6 xx
A DCWorkflow script that was not not called with the version from a few
hours ago is now called but produces the following traceback
This happens when the container binding is set to "container" and also
when it is cleared.
Traceback (innermos
Paul Winkler wrote:
On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote:
How about something along the lines of:
- Development team only disclosure for the first x days (2 to 7 days is
the maximum here I would think), in order to develop a workaround/patch.
- Full disclosure after that,
Jamie Heilman writes:
> Clemens Robbenhaar wrote:
> > malicious Python Scripts on my site (I guess ;-), and I do not use DTML
> > or some Tree-stuff -- thus I did not upgrade yet, and You may feel free
>
> Actually... unless you've altered the ZMI and HelpSys, you do use
> dtml-tree ...and
On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote:
> Brian Lloyd wrote:
> >...or will decide that doing so is unreasonable and use something
> >else instead :( Note that I'm not necessarily criticizing that
> >particular policy, just pointing out that _any_ policy will have
> >some u
Brian Lloyd wrote:
...or will decide that doing so is unreasonable and use something
else instead :( Note that I'm not necessarily criticizing that
particular policy, just pointing out that _any_ policy will have
some upside and some downside. The challenge will be coming to
agreement on a pol
Clemens Robbenhaar wrote:
> malicious Python Scripts on my site (I guess ;-), and I do not use DTML
> or some Tree-stuff -- thus I did not upgrade yet, and You may feel free
Actually... unless you've altered the ZMI and HelpSys, you do use
dtml-tree ...and HelpSys is publically traversable by defa
> I did check with a fresh 2.6 xx
> A DCWorkflow script that was not not called with the version from a few
> hours ago is now called but produces the following traceback
>
> This happens when the container binding is set to "container" and also
> when it is cleared.
>
> Traceback (innermost la
> Brian Lloyd wrote:
> > As the person who unfailingly gets flamed no matter which way the
> > decisions leans :), I think we are probably at a point where we
> > should have an official, documented and community-agreed-to policy
> > on how these kinds of things will be handled.
>
> My intent was
[...]
> there were several security-related fixes in the collector (and the
> collector-mailing-list) in the last days. Normaly security-related stuff is
> not visible for the public... and this seems to be good to avoid exploits
> etc.
At least for the resolved issues the fixed are public
Hi Brian,
Brian Lloyd wrote:
> As the person who unfailingly gets flamed no matter which way the
> decisions leans :), I think we are probably at a point where we
> should have an official, documented and community-agreed-to policy
> on how these kinds of things will be handled.
My intent was not
10 matches
Mail list logo