FreeLists / dokuwiki / [dokuwiki] Re: Handling security issues in DokuWiki plugins

[dokuwiki] || [Date Prev] [03-2008 Date Index] [Date Next] || [Thread Prev] [03-2008 Thread Index] [Thread Next]

[dokuwiki] Re: Handling security issues in DokuWiki plugins

From: Jason Keltz <jas@xxxxxxxxxxxx>
To: dokuwiki@xxxxxxxxxxxxx
Date: Wed, 12 Mar 2008 11:00:20 -0400

On 03/12/08 10:51, Jerry Schwartz wrote:

That is somewhat dangerous, since it could lead to unwanted experimentation.
We can't assume that there aren't eavesdroppers on this list.

When I worked for a major vendor in the software (and hardware) field, this
was debated endlessly. We always fell back on the position that we would
announce a security hole when the a patch was available, not before.

That being said, if they are going to post the vulnerability on the Wikipage, and not e-mail it, I may not find out about it until someone hashacked my Wiki site.


Jason.



--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Follow-Ups:
- [dokuwiki] Re: Handling security issues in DokuWiki plugins
  - From: Jerry Schwartz

References:
- [dokuwiki] Handling security issues in DokuWiki plugins
  - From: Andreas Gohr
- [dokuwiki] Re: Handling security issues in DokuWiki plugins
  - From: Jason Keltz
- [dokuwiki] Re: Handling security issues in DokuWiki plugins
  - From: Jerry Schwartz