[TYPO3-dev] Announcing TYPO3 4.2.9

Dmitry Dulepov dmitry.dulepov at gmail.com
Wed Sep 30 16:24:45 CEST 2009


Hi!

Christian Welzel wrote:
> The last email I got was the "we investigate, please stay silent"-email.
> This mail was sent after me explicitly asking for a status report of
> investigation, and six days after the initial report. These are response
> times of German bureaucracy, but not the ones of a security team...

It is not about bureaucracy but about time. Security team members work on security issues in their free time. So if there is a choice "customer vs security work", guess what would be the choice :) It is the same as for the core team and the rest of TYPO3. There are no full time developers in v4. There is nothing new, good or bad about it. It is just a fact, which should be taken into account.

Those security issues are known; when time permits they will be fixed. Fixing security issues is not just committing something to SVN. It requires coordination between the security team and release managers of all active branches (which is 4.1, 4.2 and 4.3) because a new version must be packaged immediately after commits. It is pretty hard to get all these people working on the fix + release at the same moment because they all are busy at their main work.

That issue will be fixed eventually. Just be patient. It is not the first and not the last security issue :)

-- 
Dmitry Dulepov
Facebook: http://www.facebook.com/dmitryd
Twitter: http://twitter.com/dmitryd
Skype: liels_bugs



