[TYPO3] a thought about security announcements and automatic security alert - part II
Francois Suter
fsuter at cobweb.ch
Thu Jun 19 20:52:08 CEST 2008
Hi Krystian,
Sorry for the late answer, but I didn't have time to come back to this
topic before now.
> A few days ago we had a thread:
> "a thought about security announcements and automatic security alert"
>
> [...]
>
> I gathered all the clues from the previous thread (from Dmitry, Georg,
> Markus) and created a proposal in the wiki:
>
> http://wiki.typo3.org/index.php/Security_Bulletin_file_format
I looked at you wrote there and it looks pretty. About the problem with
the "all versions affected" or "TYPO3 versions 3.x" I think there's no
escaping but being more precise about the version numbers. I hope the
security team will agree with that need.
There's one thing you overlooked (I thought about it after today's bulk
security announcement): some extensions are not patched and so are
removed from the TER. This should also appear in the security bulletin
file, probably as a separated tag. Something like <deleted>1</deleted>.
Thanks for your work.
--
Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch
More information about the TYPO3-english
mailing list