[dokuwiki] Re: Handling security issues in DokuWiki plugins

  • From: "Jerry Schwartz" <jerry@xxxxxxxxx>
  • To: <dokuwiki@xxxxxxxxxxxxx>
  • Date: Wed, 12 Mar 2008 10:51:27 -0400

That is somewhat dangerous, since it could lead to unwanted experimentation.
We can't assume that there aren't eavesdroppers on this list.

When I worked for a major vendor in the software (and hardware) field, this
was debated endlessly. We always fell back on the position that we would
announce a security hole when a patch was available, not before.

Regards,

Jerry Schwartz
The Infoshop by Global Information Incorporated
195 Farmington Ave.
Farmington, CT 06032

860.674.8796 / FAX: 860.674.8341

www.the-infoshop.com
www.giiexpress.com
www.etudes-marche.com

-----Original Message-----
From: dokuwiki-bounce@xxxxxxxxxxxxx [mailto:dokuwiki-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Keltz
Sent: Wednesday, March 12, 2008 9:09 AM
To: dokuwiki@xxxxxxxxxxxxx
Subject: [dokuwiki] Re: Handling security issues in DokuWiki plugins

On 03/11/08 17:54, Andreas Gohr wrote:
> Whenever someone discovers a security issue in a plugin, two things
> should be done:
>
> 1. Send an email to the author of the plugin, explaining the problem
>
> 2. Add a 'securityissue' field to the data in the plugin page. This
> field should contain a short description of the problem.

I think an email should be sent to this list as well.

Jason.
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist


