[Zope-dev] RE: Resolved security-related collector issues for the public?

2004-01-22 Thread Maik Jablonski
Hi Brian, Brian Lloyd wrote: As the person who unfailingly gets flamed no matter which way the decision leans :), I think we are probably at a point where we should have an official, documented and community-agreed-to policy on how these kinds of things will be handled. My intent was not

[Zope-dev] Resolved security-related collector issues for the public?

2004-01-22 Thread Clemens Robbenhaar
[...] there were several security-related fixes in the collector (and the collector-mailing-list) in the last days. Normally security-related stuff is not visible for the public... and this seems to be good to avoid exploits etc. At least for the resolved issues the fixes are public

RE: [Zope-dev] RE: Resolved security-related collector issues for the public?

2004-01-22 Thread Brian Lloyd
Brian Lloyd wrote: As the person who unfailingly gets flamed no matter which way the decision leans :), I think we are probably at a point where we should have an official, documented and community-agreed-to policy on how these kinds of things will be handled. My intent was not

RE: [Zope-dev] Re: RFC: backward compatibility of ps bindings RESOLUTION

2004-01-22 Thread Brian Lloyd
I did check with a fresh 2.6 xx A DCWorkflow script that was not called with the version from a few hours ago is now called but produces the following traceback This happens when the container binding is set to container and also when it is cleared. Traceback (innermost last):

Re: [Zope-dev] Resolved security-related collector issues for the public?

2004-01-22 Thread Jamie Heilman
Clemens Robbenhaar wrote: malicious Python Scripts on my site (I guess ;-), and I do not use DTML or some Tree-stuff -- thus I did not upgrade yet, and You may feel free Actually... unless you've altered the ZMI and HelpSys, you do use dtml-tree ...and HelpSys is publicly traversable by

Re: [Zope-dev] RE: Resolved security-related collector issues for the public?

2004-01-22 Thread Richard Waid
Brian Lloyd wrote: ...or will decide that doing so is unreasonable and use something else instead :( Note that I'm not necessarily criticizing that particular policy, just pointing out that _any_ policy will have some upside and some downside. The challenge will be coming to agreement on a

Re: [Zope-dev] RE: Resolved security-related collector issues for the public?

2004-01-22 Thread Paul Winkler
On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote: Brian Lloyd wrote: ...or will decide that doing so is unreasonable and use something else instead :( Note that I'm not necessarily criticizing that particular policy, just pointing out that _any_ policy will have some upside

Re: [Zope-dev] Resolved security-related collector issues for the public?

2004-01-22 Thread Clemens Robbenhaar
Jamie Heilman writes: Clemens Robbenhaar wrote: malicious Python Scripts on my site (I guess ;-), and I do not use DTML or some Tree-stuff -- thus I did not upgrade yet, and You may feel free Actually... unless you've altered the ZMI and HelpSys, you do use dtml-tree ...and HelpSys

Re: [Zope-dev] RE: Resolved security-related collector issues for the public?

2004-01-22 Thread Richard Waid
Paul Winkler wrote: On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote: How about something along the lines of: - Development team only disclosure for the first x days (2 to 7 days is the maximum here I would think), in order to develop a workaround/patch. - Full disclosure after

Re: [Zope-dev] Re: RFC: backward compatibility of ps bindings RESOLUTION

2004-01-22 Thread robert rottermann
Brian Lloyd wrote: I did check with a fresh 2.6 xx A DCWorkflow script that was not called with the version from a few hours ago is now called but produces the following traceback This happens when the container binding is set to container and also when it is cleared. Traceback (innermost