Mark Sapiro wrote:
> Jim Popovitch wrote:
>> OK, but what about the next one? What do Mailman system admins do, wait?
>
> Yes, I think so. The alternative is everyone goes off half-cocked and
> you have a situation such as occurred about a year ago with the
> CAN-2005-0202 issue <http://www.list.org/security.html>. In this case,
> someone developed a patch which SuSE pushed out through their
> automatic update process, but the patch was dependent on a part of the
> Python library that SuSE didn't install by default and the dependency
> wasn't noted. This caused a lot of grief at the time. See
> <http://www.google.com/search?hl=en&q=site%3Amail.python.org++inurl%3Amailman-users+suse+sax>.

OK, so that is just one example (ok, I'm sure there might be others). HOWEVER, that example smells of BAD TESTING, not a bad solution. Shame on Suse (or whoever). The problem wasn't a Mailman problem, in fact I think Mailman developers (or someone) should be congratulated for getting a fix out there rather than sitting on it.

I'm pretty sure that the "insiders" fix their systems first, then tell the rest of us about the patch, probably at the last minute possible. I challenge everyone on mailman-secure (or whatever list it is) to NOT touch your public Mailman systems until you notify mailman-users of the solution to the next vulnerability. Deal?

-Jim P.

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp