[TYPO3] a thought about security announcements and automatic security alert
Krystian Szymukowicz
typo3RE.MO.VE. at RE.MO.VE.prolabium.com
Tue May 27 10:41:33 CEST 2008
Dmitry Dulepov [typo3] wrote:
> Benjamin Mack wrote:
>> Please contact the security team for that:
>> http://typo3.org/teams/security/contact-us/
>
> As far as I know they are overloaded with work. It is better to
propose them something real (like a plan) instead of general ideas.
>
So can we make together a little more specific plan before I will send
an email to them?
Writing proper extension wouldn't be a problem. I can take care of that.
The only thing to figure out is format of the file.
Below just my propose.
ext_key; constrains ; security_bulletin_number
Constrains can be:
1) all below and this, for example:
=<4.0.6
2) a list of comma separated values
4.06,4.03,4.01
So it would be something as simple as:
sg_zfelib;=<1.1.512;TYPO3-20080527-2
kj_imagelightbox2;=<1.4.2;TYPO3-20080527-1
air_filemanager;=<0.6.0;TYPO3-20080515-2
etc.
I can make such initial list.
Anyone have some better idea how it should looks like? Is there need for
more information? Put it into XML?
I think the file should be as little as possible, because it will be
fetched quite often. Zip it?
--
grtz
Krystian Szymukowicz
PS: @Christopher Torgalson - tnx for pointing wrong thread :)
More information about the TYPO3-english
mailing list