[Typo3] t3-SECURITY???

daniel schiffner ds at netzspiegel.de
Tue Feb 8 17:57:51 CET 2005


Christoph Moeller wrote:
> But: what's the point in shouting out "SECURITY RISK IN TYPO3!!" when 
> the (core-)devs haven't even looked at it?

you didn't even read the thread, did you?
i did NOT shout out t3 is insecure or something like this. as i said i 
just wanted to talk about how typo3 might protect even insecure 
extensions. and though you're too lazy to look ds at netzspiegel up, i 
wrote my name into my account (hope you're all happy now).

> The point is:
> - keep it calm and professional
> - don't trigger script-kiddies that wouldn't even notice any flaw by 
> themselves
> - give the TYPO3 admins enough time to act _before_ mass-exploiting begins

i thought it's our problem if there's a new exploit (???)

> That's got nothing to do with "M$-mentality" but just with being 
> professional about such topics.
> 

indeed it is M$-mentality. open source is like releasing 
security-concerning news and fixing it within a couple of hours and not 
like keeping it unsaid and hoping nobody else discovers it!

> Anyways: I strongly believe Karsten&Co (i.e. the Sec-Team) will take any 
> action needed.

i too believe in that! and i'd be willing to help them if they want to 
in case a real bug should occur. that was the reason i started this 
thread here!

> my 2c.
> Chris


