Message from discussion If there was massive security hole found in Django, are there plans in place to deal with it?
Malcolm Tredinnick  
From: Malcolm Tredinnick <malc...@pointy-stick.com>
Date: Thu, 10 Aug 2006 15:20:04 +1000
Local: Thurs, Aug 10 2006 1:20 am
Subject: Re: If there was massive security hole found in Django, are there plans in place to deal with it?

On Wed, 2006-08-09 at 23:50 -0500, James Bennett wrote:
> [...]
> And as much as some people I've talked to have been wailing and
> gnashing teeth about Rails being into Mac OS X 10.5 while Django
> isn't, well, I don't envy somebody who gets shipped as part of a major
> operating system when it comes time to issue security updates :)

This is pretty much a solved problem. It is coordinated through the
vendor security contacts lists that Ian was talking about. It happens
more often than you may realise: Apache or OpenSSL or the Linux kernel
or some other pervasive, critical component has a security hole
discovered and the release of the updates is coordinated and
simultaneous. So Apple would release the updates on the same day as
everybody else. If you do it well, you don't end up where people look at
you like Microsoft and think they can't trust the update (another
advantage of Open Source, too). Often the upstream source can supply the
patch, so the vendors need only audit it and do package rebuilds and
rush it through release QA (again, they'll often have priority paths
internally for security fixes).

Regards,
Malcolm

