[TYPO3-dev] Announcing TYPO3 4.2.9
Christian Welzel
gawain at camlann.de
Tue Sep 29 21:57:59 CEST 2009
Georg Ringer wrote:
> really necessary to make it public in this way?
I think so.
Six weeks is a rather long time for a simple one-line-fix.
I was silent for this time in hope, the issue would be fixed in the
next release (which is out now), but it wasn't. And even now i
revealed nothing.
But i wonder: is there any active member in the security team?
do they not communicate with the release manager? Do they communicate
at all? (i never got an reply, what the investigation of my issue
brought to light).
TYPO3 doesnt get more secure if we only tell nobody about the holes.
--
MfG, Christian Welzel
GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
More information about the TYPO3-dev
mailing list