At 1:00 AM -0500 2006-01-27, Jim Popovitch wrote:

>                                              I'm pretty sure that the
>  "insiders" fix their systems first, then tell the rest of us about the
>  patch, probably at the last minute possible.

        The "insiders" here are people like Barry, Tokio, and Mark.  I 
can't speak for what they do on their personal systems, but my 
recollection is that python.org wasn't updated until the patch was 
publicly available.  And even I don't have access to their internal 
discussions regarding such matters.

        So, you're no worse off than I am.

>                                                I challenge everyone on
>  mailman-secure (or whatever list it is) to NOT touch your public
>  Mailman systems until you notify mailman-users of the solution to the
>  next vulnerability.  Deal?

        They do have to do their development somewhere, right?  I mean, 
you give them that much, I hope.  And they do need to do at least 
some minimal testing on a live production system before they release 
that to the public, right?  I mean, you wouldn't want to try using 
something that had never been tested anywhere, would you?


        There is a QA process that such patches need to go through, even 
if we're talking about a bug that is currently being exploited 
widely.

        In fact, the more it's being exploited, and the more dangerous it 
is, I think the more testing needs to be done to make sure that it's 
caught and completely dealt with, and there aren't any unintended 
consequences.

-- 
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See <http://www.lopsa.org/>.
------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
