I'm always looking for ways to help Symfony. Count me in.

On May 14, 2008, at 6:05 AM, Ian P. Christian wrote:
>
> Recently, some idiot has blogged in a negative way about how the
> symfony team handles security issues [1]. If the poster spent more
> time developing, and less time talking nonsense on IRC, maybe there
> would be less to complain about.... Anyway, the correct place to
> discuss this kind of thing is the list, so.... here goes!
>
> Personally, I think it's important users know about security issues
> as soon as they happen. It's my opinion that keeping security issues
> 'low key' does nothing but potentially hurt users, and lose trust.
> This topic brings with it a wide range of opinions though, and
> handling security issues in the software world isn't an easy task.
>
> I would like to suggest that a security team is put together, where
> issues can be discussed in full by core/trusted developers - and
> official advisories for any security related issues (regardless of
> severity) are written and published.
>
> I suggest that clear links are made from the front page of the site,
> and the ticket creation page which link to a page explaining how
> security issues are handled. I think an email address for the
> security team should be placed on this page, and someone should get
> back to the reporter of the issue as soon as possible to let them
> know their issue will be dealt with.
>
> I don't think there's any shame in publishing a security history on
> the site, I feel it's important to be very up front about these
> issues. Not only so users can see issues and how they were dealt
> with, but so that current and future developers can read and learn
> from previous mistakes.
>
> So, I urge you all to voice your opinions on this - maybe I'm just
> making a point over nothing, feel free to voice that opinion too, I'm
> thick skinned :)
>
> [1]
> http://pookey.co.uk/blog/archives/50-Symfony-security-concerns-and-other-issues.html

--
Jacob Coby
[EMAIL PROTECTED]
