[Mailman-Users] security heads up - path traversal with 2.1.5

Brad Knowles brad at stop.mail-abuse.org
Thu Feb 10 08:49:55 CET 2005


At 10:15 PM -0800 2005-02-09, Chuq Von Rospach wrote:

>  my position is simple (and unchanged): if it's not your project, don't
>  make strategic decisions about it. it was barry's call. Barry and Toiko
>  were working the issue and trying to get things ready. By having it
>  prematurely disclosed to a wide audience, those plans were screwed, and
>  so were Barry's and Toiko's schedules and lives.

	Very good point.

>                                                    That, enough, is reason
>  enough to not do it, but it also likely caused some sites to get hacked
>  that wouldn't have been, if it'd been handled properly.

	So, is the updated version of FAQ 1.27 strong enough for you, or 
do you think it needs to be made even stronger?

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.


