[TYPO3-dev] [ANN] Pre-announcement for important security update

R. van Twisk typo3 at rvt.dds.nl
Wed Dec 20 14:57:29 CET 2006


Hey Ingmar and Peter,

first of all thank for taking care of security issues in typo3!!

However I must admit that doing that 3 days before x-mass
was not such a wise decision.

Here is why:

I have 4 servers here with plenty enough websites,
I am sure there are others with many more servers and websites.

This security bulletin creates some 'stress' among system-
administrators and I have even two servers that MUST go
through a change and testing process and cannot simply
be upgraded which cannot be done right now because
people are on holidays. (which is quite normal around this time).

For script kiddies it IS holidays and it might be a excellent time
to fool and hack around, check security bulletins etc (in
worst case scenario)

Since there was not real danger and no know exploits I would
like to ask the security team to not release bulletins in these cases
at times where people need rest, like 3 days before x-mass and I think
it would have been better to wait a couple of days.

I am sure that the security team by now did secure there sites,
so they are drinking a gluehwein and enjoy there holidays,
however there are many others, 3 days before x-mass upgrading there sites.

I truly hope it will be considered the next time before releasing it...

I do wish you all the best x-mass and a great new year!

thanks,
Ries van Twisk






-- 
Ries van Twisk
Freelance Typo3 Developer
=== Private:
email: ries at vantwisk.nl
web:   http://www.rvantwisk.nl/freelance-typo3.html
skype: callto://r.vantwisk






More information about the TYPO3-dev mailing list