On Tue, Sep 15, 2009 at 5:26 PM, Anthony wikimail@inbox.org wrote:
On Tue, Sep 15, 2009 at 7:17 PM, Andrew Garrett <agarrett@wikimedia.org
wrote:
On 15/09/2009, at 11:40 PM, Anthony wrote:
My favorite part of that article: "Even the open source MediaWiki software has more than its fair share of security vulnerabilities." As written, this suggests that there are unpatched security vulnerabilities
There are. You didn't want us to describe them in our article, did you?
I think the appropriate expression here is "put up or shut up".
If you are aware of unpatched security vulnerabilities in MediaWiki, report them to security@wikimedia.org, and to this list if you don't receive a response, and they will be immediately patched.
If you want to offer some sort of bounty program, then maybe. Otherwise, no thanks.
This is quite possibly the slimiest thing I've ever read on these lists.