Re: Security Mailing List

Posted by Damian Parker 30 Jul 2005 07:31 UTC posts: 2881

yes: security at tikiwiki.org will let you submit whatever you have found there.

Damian
http://free.tiki.at.tikihost.net

Posted by hansi 04 Aug 2005 07:05 UTC posts: 5

Hi!

> yes: security at tikiwiki.org will let you submit whatever you have found there.

Thanks. But I'm seeking for a mailing list where I can subscribe to receive any security related issues and especially updates/patches.

Thanks
Hansi

Posted by Damian Parker 06 Aug 2005 20:22 UTC posts: 2881

> Hi!
>
> > yes: security at tikiwiki.org will let you submit whatever you have found there.
>
> Thanks. But I'm seeking for a mailing list where I can subscribe to receive any security related issues and especially updates/patches.
>
> Thanks
> Hansi

We don't have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.

The Security team consists of the Project Admins plus well known developers who have a huge skill level within Tiki code.

Damian
http://tikihost.net

Posted by hansi 08 Aug 2005 06:30 UTC posts: 5

Hi!

> We don't have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.

This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).

Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?

> The Security team consists of the Project Admins plus well known developers who have a huge skill level within Tiki code.

I'm confident, that TikiWiki does have skilled developers to fix upcoming security flaws, but my question clearly concerns security advisories.

Bye
Hansi

Posted by Damian Parker 03 Oct 2005 17:53 UTC posts: 2881

> Hi!
>
> > We don't have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.
>
> This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).
>
> Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?

That kind of advisory is usually announced on tikiwiki-users / tikiwiki-devel mailing list.

Damian