On Tue, Sep 15, 2009 at 7:17 PM, Andrew Garrett <agarrett(a)wikimedia.org>wrote;wrote:
On 15/09/2009, at 11:40 PM, Anthony wrote:
My
favorite part of that article: "Even the open source MediaWiki
software
has more than its fair share of security vulnerabilities." As
written,
this
suggests that there are unpatched security vulnerabilities
There are. You didn't want us to describe them in our article, did
you?
I think the appropriate expression here is "put up or shut up".
If you are aware of unpatched security vulnerabilities in MediaWiki,
report them to security(a)wikimedia.org, and to this list if you don't
receive a response, and they will be immediately patched.
If you want to offer some sort of bounty program, then maybe. Otherwise, no
thanks.