Wow, that's a faster response than I expected! Great job, and thanks!
I'll use another method next time for security issues. I certainly
appreciate the point about having a patch ready with the announcement. I
didn't find anything on meta that encouraged users to report a security
issue any particular way. I was worried about just posting to the zilla for
fear it would get lost in a sea of requests. One article I found today
suggested posting them to the developer's list. I settled on this list
because it has "security announcements" in it's description. It might be
helpful to have a clear & specific contact point identified (person, private
mailbox etc) for security bugs.
Again, great job!
Jeff
--------------
(In the future please feel free to report security
issues by private
mail, or private message on IRC. Generally speaking it's nice to have a
patch ready before public disclosure, even if this is only a few hours.)
--------------
-----Original Message-----
From: mediawiki-l-bounces(a)Wikimedia.org
[mailto:mediawiki-l-bounces@Wikimedia.org] On Behalf Of Brion Vibber
Sent: Wednesday, August 24, 2005 11:51 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Re: Cross Site Scripting bug in 1.5b4
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l