From: Malcolm Tredinnick <malc...@pointy-stick.com>
Date: Thu, 10 Aug 2006 15:20:04 +1000
Local: Thurs, Aug 10 2006 1:20 am
Subject: Re: If there was massive security hole found in Django, are there plans in place to deal with it?
On Wed, 2006-08-09 at 23:50 -0500, James Bennett wrote:
> And as much as some people I've talked to have been wailing and
> gnashing teeth about Rails being into Mac OS X 10.5 while Django
> isn't, well, I don't envy somebody who gets shipped as part of a major
> operating system when it comes time to issue security updates :)

This is pretty much a solved problem. It is coordinated through the
vendor security contacts lists that Ian was talking about. It happens
more often than you may realise: Apache or OpenSSL or the Linux kernel
or some other pervasive, critical component has a security hole
discovered and the release of the updates is coordinated and
simultaneous. So Apple would release the updates on the same day as
everybody else. If you do it well, you don't end up where people look at
you like Microsoft and think they can't trust the update (another
advantage of Open Source, too). Often the upstream source can supply the
patch, so the vendors need only audit it and do package rebuilds and
rush it through release QA (again, they'll often have priority paths
internally for security fixes).