On 8/22/16 5:31 AM, A. Schulze wrote:

Mark Sapiro:

There is a CSRF vulnerability ...
I have developed a fix...
I'm delaying the release ...



Hello,

Don't understand why you wait? Yes, some people may need time to plan an update. But there are also people not needing such a plan. They could use the patch just now.

But maybe you have your reason to do it in that way.
Anyway: thanks for mailman :-)

Andreas


The normal procedure for security updates in the software industry is an advance announcement so people can plan, and then a release at a specified time point, so people can plan to update right then if possible.

The issue is that the security flaw is normally not generally known, and releasing the patch sometimes gives enough information to allow someone to figure out the security flaw and to exploit it in a short while, so you want people to be able to rapidly apply the update before that happens.


--
Richard Damon

_______________________________________________
Mailman-Developers mailing list
Mailman-Developers@python.org
https://mail.python.org/mailman/listinfo/mailman-developers