[dokuwiki] Re: Handling security issues in DokuWiki plugins

• From: Jason Keltz <jas@xxxxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Wed, 12 Mar 2008 11:00:20 -0400

On 03/12/08 10:51, Jerry Schwartz wrote:

That is somewhat dangerous, since it could lead to unwanted experimentation.
We can't assume that there aren't eavesdroppers on this list.

When I worked for a major vendor in the software (and hardware) field, this
was debated endlessly. We always fell back on the position that we would
announce a security hole when the a patch was available, not before.

That being said, if they are going to post the vulnerability on the Wiki page, and not e-mail it, I may not find out about it until someone has hacked my Wiki site.

Jason.



--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

• Follow-Ups:
  • [dokuwiki] Re: Handling security issues in DokuWiki plugins
    • From: Jerry Schwartz

• References:
  • [dokuwiki] Handling security issues in DokuWiki plugins
    • From: Andreas Gohr
  • [dokuwiki] Re: Handling security issues in DokuWiki plugins
    • From: Jason Keltz
  • [dokuwiki] Re: Handling security issues in DokuWiki plugins
    • From: Jerry Schwartz

Other related posts:

• » [dokuwiki] Handling security issues in DokuWiki plugins
• » [dokuwiki] Re: Handling security issues in DokuWiki plugins
• » [dokuwiki] Re: Handling security issues in DokuWiki plugins
• » [dokuwiki] Re: Handling security issues in DokuWiki plugins
• » [dokuwiki] Re: Handling security issues in DokuWiki plugins
• » [dokuwiki] Re: Handling security issues in DokuWiki plugins
• » [dokuwiki] Re: Handling security issues in DokuWiki plugins

1. Home
2. dokuwiki
3. Archive
4. 03-2008

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---