Maik Jablonski wrote at 2004-1-21 21:20 +0100:
> ...
>My proposal: Can we have a delay for making security-related fixes public?
>Just a month or two or so...
-1
Most of the potential exploits have rather strict requirements
(such as creation of executable content by untrusted users).
Thus, few i
Jamie Heilman writes:
> Clemens Robbenhaar wrote:
> > malicious Python Scripts on my site (I guess ;-), and I do not use DTML
> > or some Tree-stuff -- thus I did not upgrade yet, and You may feel free
>
> Actually... unless you've altered the ZMI and HelpSys, you do use
> dtml-tree ...and
Clemens Robbenhaar wrote:
> malicious Python Scripts on my site (I guess ;-), and I do not use DTML
> or some Tree-stuff -- thus I did not upgrade yet, and You may feel free
Actually... unless you've altered the ZMI and HelpSys, you do use
dtml-tree ...and HelpSys is publicly traversable by defa
[...]
> there were several security-related fixes in the collector (and the
> collector-mailing-list) in the last days. Normally security-related stuff is
> not visible for the public... and this seems to be good to avoid exploits
> etc.
At least for the resolved issues the fixes are public
On Wednesday 21 January 2004 03:21 pm, Jamie Heilman wrote:
> Hiding the bugs doesn't avoid anything, it just leaves Zope
> administrators helpless in the dark. I'm not going to rehash the
> arguments for and against full disclosure, but seriously--don't delude
> yourself into thinking that a probl
Maik Jablonski wrote:
> Normally security-related stuff is not visible for the public... and
> this seems to be good to avoid exploits etc.
Hiding the bugs doesn't avoid anything, it just leaves Zope
administrators helpless in the dark. I'm not going to rehash the
arguments for and against full di
Hi,
there were several security-related fixes in the collector (and the
collector-mailing-list) in the last days. Normally security-related stuff is
not visible for the public... and this seems to be good to avoid exploits
etc.
Lots of security-stuff is fixed now, but I don't think that all people