Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
Django developers
Home
+ new post
About this group
Join this group
Message from discussion If there was massive security hole found in Django, are there plans in place to deal with it?
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Jason Huggins  
View profile  
 More options Aug 10 2006, 12:38 am
From: "Jason Huggins" <jrhugg...@gmail.com>
Date: Wed, 09 Aug 2006 21:38:38 -0700
Local: Thurs, Aug 10 2006 12:38 am
Subject: Re: If there was massive security hole found in Django, are there plans in place to deal with it?
Print | View thread | Show original | Report this message | Find messages by this author

Jeremy Dunck wrote:
> True, but Rails had lots of buzz and has -lots- of prod systems.  Of
> the 2 people I talked to with prod rails systems, neither had heard of
> this 3 hours after the posting.  I only knew because of luck on
> prog.reddit.

Same here, programming.reddit.com is my most hit site these days...

But all the more reason for letting Django users know *before-hand*
where they should look for stuff like this (which list they should be
subscribed to or RSS feed to check). As Django user/dev, I would *not*
want to *first* hear about something like this on reddit. :-)

Maybe there should be some guideline like.. "If you're going to deploy
Django on a server accessible by the general public, subscribe to our
security RSS feed or mailing list to be notified as needed". Even then,
I can see how a policy like that is "tricky"... What's to keep an evil
blackhat from subscribing to the very same list so he he knows when to
get busy cracking sites using the same information?

-Jason


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2013 Google