Loading...
 
Documentation

Documentation


posts: 5

Hi!

> yes: security at tikiwiki.org will let you submit whatever you have found there.

Thanks. But I'm seeking for a mailing list where I can subscribe to receive any security related issues and especially updates/patches.

Thanks
Hansi

posts: 2881 United Kingdom

> Hi!
>
> > yes: security at tikiwiki.org will let you submit whatever you have found there.
>
> Thanks. But I'm seeking for a mailing list where I can subscribe to receive any security related issues and especially updates/patches.
>
> Thanks
> Hansi
>

We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.

The Security team consists of the Project Admins plus well known developers who have a huge skill level within Tiki code.

Damian
http://tikihost.net

posts: 5

Hi!

> We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.

This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).

Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?

> The Security team consists of the Project Admins plus well known developers who have a huge skill level within Tiki code.

I'm confident, that TikiWiki does have skilled developers to fix upcoming security flaws, but my question clearly concerns security advisories.

Bye
Hansi

posts: 2881 United Kingdom

> Hi!
>
> > We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.
>
> This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).
>
> Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?
>

That kind of advistory is usually announced on tikiwiki-users / tikiwiki-devel mailing list.

Damian


Upcoming Events

No records to display

Why Register?

Register at tiki.org and you'll be able to use the account at any *.tiki.org site, thanks to the InterTiki feature. A valid email address is required to receive site notifications and occasional newsletters. You can opt out of these items at any time.