Hi!
On Mar 01, Benjamin Pflugmann wrote:
> Hi.
>
> On Mon, Feb 26, 2001 at 08:57:19PM +0100, you wrote
> [...]
> > Yes, security info is to be sent to announcement list.
>
> Well, the last two weren't sent to the announcement list, AFAIK. Well,
> it's a question of its own, whether to send an announcement out due to
> an buffer overflow in the client.
>
> But the people on bugtraq thought it was worth an email and people who
> are very security-aware may want to be informed about potentially
> exploitable bugs.
>
> If I wouldn't get aware about these problems by the mysql general list
> and bugtraq, I think I would feel uninformed by the announcement list
> (regarding security issues).
>
> Bye,
>
> Benjamin.
That's true.
For quite a long time there were no security-related bugs in MySQL :-)
and we, really, happen not to have a policy about this.
Now, <[EMAIL PROTECTED]> is created for reporting security-related
issues (NOTE EVERYBODY !!!), and information about such bugs from now on
would be posted to announcement list, for everybody would have
his chance to upgrade ASAP.
And there're also announcements about new MySQL version, with
their "What's New" section...
Regards,
Sergei
--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik <[EMAIL PROTECTED]>
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
