On mar., 2013-01-08 at 18:04 +0000, Dominic Hargreaves wrote: > Security team, shall I upload to security-master?
Yes, please. > > It might be useful in a DSA to recommend restricting the > mt-upgrade.cgi > script to trusted IP addresses, but I don't think it's something we > can do by default, as browser accesss to mt-upgrade.cgi is needed to > complete upgrades. To be honest, I'd be comfortable to restrict it to 127.0.0.1/::1 but that's not really something we can change on a stable update. Regards, -- Yves-Alexis
signature.asc
Description: This is a digitally signed message part
