Brad Knowles wrote: > At 2:11 PM -0500 2006-01-28, Jim Popovitch wrote: > >> The whole reason for me waxing so passionately on this thread is the >> earlier suggestion that Diana shouldn't have even emailed mailman-users, >> but rather mailman-security and kept it quiet thereafter (this after it >> was already released over at securityfocus.com). > > Correct. See FAQ 1.27. That is the official Security Policy of > this mailing list, and that information is included in the footer of > every single mail message which passes through this list.
But, Diana wasn't emailing sensitive info. She was asking a very important question about something that was already public. You then told her that she should have gone to the secret-handshake club. Are you suggesting that all "Hey, has this been fixed yet" questions should be off list and only one-on-one with mailman-security? > In this case, no harm was done, since the bug had already been > "fixed" through the work that Tokio had done in creating the next > release of the code, and the real problem was the disconnect in what we > were calling the bug and what they were calling it. But the potential > was certainly there. > > But if you can't adhere to the official Security Policy of this > mailing list, then you shouldn't be posting here, and you shouldn't be > subscribed. er, Right.... (the elitism really shines through Brad). -Jim P. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp