At 1:00 AM -0500 2006-01-27, Jim Popovitch wrote: > I'm pretty sure that the > "insiders" fix their systems first, then tell the rest of us about the > patch, probably at the last minute possible.
The "insiders" here are people like Barry, Tokio, and Mark. I can't speak for what they do on their personal systems, but my recollection is that python.org wasn't updated until the patch was publicly available. And even I don't have access to their internal discussions regarding such matters. So, you're no worse off than I am. > I challenge everyone on > mailman-secure (or whatever list it is) to NOT touch your public > Mailman systems until you notify mailman-users of the solution to the > next vulnerability. Deal? They do have to do their development somewhere, right? I mean, you give them that much, I hope. And they do need to do at least some minimal testing on a live production system before they release that to the public, right? I mean, you wouldn't want to try using something that had never been tested anywhere, would you? There is a QA process that such patches need to go through, even if we're talking about a bug that is being currently being exploited widely. In fact, the more it's being exploited, and the more dangerous it is, I think the more testing needs to be done to make sure that it's caught and completely dealt with, and there aren't any unintended consequences. -- Brad Knowles, <[EMAIL PROTECTED]> "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 LOPSA member since December 2005. See <http://www.lopsa.org/>. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp