Wow, that's a faster response than I expected! Great job, and thanks!
I'll use another method next time for security issues. I certainly appreciate the point about having a patch ready with the announcement. I didn't find anything on meta that encouraged users to report a security issue any particular way. I was worried about just posting to the zilla for fear it would get lost in a sea of requests. One article I found today suggested posting them to the developer's list. I settled on this list because it has "security announcements" in it's description. It might be helpful to have a clear & specific contact point identified (person, private mailbox etc) for security bugs.
Again, great job!
Jeff
--------------
(In the future please feel free to report security issues by private mail, or private message on IRC. Generally speaking it's nice to have a patch ready before public disclosure, even if this is only a few hours.)
--------------
-----Original Message----- From: mediawiki-l-bounces@Wikimedia.org [mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Brion Vibber Sent: Wednesday, August 24, 2005 11:51 PM To: MediaWiki announcements and site admin list Subject: Re: [Mediawiki-l] Re: Cross Site Scripting bug in 1.5b4
_______________________________________________ MediaWiki-l mailing list MediaWiki-l@Wikimedia.org http://mail.wikipedia.org/mailman/listinfo/mediawiki-l