[Mailman-Users] any info on this reported exploit?

[Brad Knowles]

At 3:28 PM -0500 2006-01-26, Jim Popovitch wrote:

>  OK, that makes some sense to keep it hush-hush for a while.  HOWEVER, what
>  is the process for notifying Mailman admins of temporary workarounds for
>  this and any other situation?  I honestly don't want to wait for an
>  official patch if there is an interim solution.

	You'll have to get the official word from Barry, but I'm sure 
that as soon as there is any work around that has been determined, 
that would be announced in the appropriate places.

	In the meanwhile, this is the first I've heard of this matter, 
and I don't have any more information to make available to you.

>  Brad, I can assume that many many other admins will want to know of
>  "next-steps" for this problem.  What should we do to make sure we are
>  kept in the loop if it isn't discussed/relayed somehow?

	Right now, there is no next step.  The matter needs to be handled 
through the appropriate channels (which are reasonably secure).  Part 
of that standard process would be making sure that a suitable 
announcement is made at the appropriate time.

	I don't think that we can do anything more than this, and I don't 
think it's reasonable to expect anything more than this.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.