That is somewhat dangerous, since it could lead to unwanted experimentation. We can't assume that there aren't eavesdroppers on this list. When I worked for a major vendor in the software (and hardware) field, this was debated endlessly. We always fell back on the position that we would announce a security hole when the a patch was available, not before. Regards, Jerry Schwartz The Infoshop by Global Information Incorporated 195 Farmington Ave. Farmington, CT 06032 860.674.8796 / FAX: 860.674.8341 www.the-infoshop.com www.giiexpress.com www.etudes-marche.com -----Original Message----- From: dokuwiki-bounce@xxxxxxxxxxxxx [mailto:dokuwiki-bounce@xxxxxxxxxxxxx] On Behalf Of Jason Keltz Sent: Wednesday, March 12, 2008 9:09 AM To: dokuwiki@xxxxxxxxxxxxx Subject: [dokuwiki] Re: Handling security issues in DokuWiki plugins On 03/11/08 17:54, Andreas Gohr wrote: > Whenever someone discovers a security issue in a plugin there should be > done two things: > > 1. Send an email to the author of the plugin, explaining the problem > > 2. Add an 'securityissue' field to the data in the plugin page. This > field should contain a short description of the problem. I think an email should be sent to this list as well. Jason. -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist -- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist