[Typo3] t3-SECURITY???
Karsten Dambekalns
karsten at typo3.org
Sat Feb 12 18:50:05 CET 2005
Hi.
Juergen Egeling wrote:
> * Robert Lemke <robert at typo3.org> [050208 15:29]:
>> yes. That's why it already exists ;-) But for obvious reasons it is a
>> non-public list.
>
> Security by obscurity never was a good idea. This is the only thing
> I do *not* understand with this issue.
It's about being able to discuss solutions for a (potential) problem
*before* everyone can read about it and try the latest exploit.
All projects I know of ask for a grace period before publicly releasing
security issues for that reason.
It's not about obscurity, it's about keeping at least a small advantage of
being ahead in time...
Karsten
More information about the TYPO3-english
mailing list