[dokuwiki] Re: Handling security issues in DokuWiki plugins

  • From: "Jerry Schwartz" <jerry@xxxxxxxxx>
  • To: <dokuwiki@xxxxxxxxxxxxx>
  • Date: Wed, 12 Mar 2008 11:39:46 -0400

Well, as I said we debated this endlessly. There was a website (whose URL I
forget, I think it might have been part of SANS or CERN) that posted
system-level security problems weekly. It could be an eye-opener for those
who complained that Windows was the buggiest thing ever, since the other OS
flavors often reported as many if not more security-related bugs.

I don't know what their source was.

In any case, simply reporting that there is a hole in a plug-in, without
specifying what it is, would probably be a good middle road.

Regards,

Jerry Schwartz
The Infoshop by Global Information Incorporated
195 Farmington Ave.
Farmington, CT 06032

860.674.8796 / FAX: 860.674.8341

www.the-infoshop.com
www.giiexpress.com
www.etudes-marche.com

-----Original Message-----
From: dokuwiki-bounce@xxxxxxxxxxxxx [mailto:dokuwiki-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Keltz
Sent: Wednesday, March 12, 2008 11:00 AM
To: dokuwiki@xxxxxxxxxxxxx
Subject: [dokuwiki] Re: Handling security issues in DokuWiki plugins

On 03/12/08 10:51, Jerry Schwartz wrote:
> That is somewhat dangerous, since it could lead to unwanted
> experimentation.
> We can't assume that there aren't eavesdroppers on this list.
>
> When I worked for a major vendor in the software (and hardware) field,
> this was debated endlessly. We always fell back on the position that we
> would announce a security hole when a patch was available, not before.

That being said, if they are going to post the vulnerability on the Wiki
page, and not e-mail it, I may not find out about it until someone has
hacked my Wiki site.

Jason.



--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist


