Loading...
 
Documentation

Documentation


posts: 5

Hi!

> yes: security at tikiwiki.org will let you submit whatever you have found there.

Thanks. But I'm seeking for a mailing list where I can subscribe to receive any security related issues and especially updates/patches.

Thanks
Hansi

posts: 2881 United Kingdom

> Hi!
>
> > yes: security at tikiwiki.org will let you submit whatever you have found there.
>
> Thanks. But I'm seeking for a mailing list where I can subscribe to receive any security related issues and especially updates/patches.
>
> Thanks
> Hansi
>

We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.

The Security team consists of the Project Admins plus well known developers who have a huge skill level within Tiki code.

Damian
http://tikihost.net

posts: 5

Hi!

> We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.

This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).

Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?

> The Security team consists of the Project Admins plus well known developers who have a huge skill level within Tiki code.

I'm confident, that TikiWiki does have skilled developers to fix upcoming security flaws, but my question clearly concerns security advisories.

Bye
Hansi

posts: 2881 United Kingdom

> Hi!
>
> > We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.
>
> This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).
>
> Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?
>

That kind of advistory is usually announced on tikiwiki-users / tikiwiki-devel mailing list.

Damian


Upcoming Events

1)  18 Apr 2024 14:00 GMT-0000
Tiki Roundtable Meeting
2)  16 May 2024 14:00 GMT-0000
Tiki Roundtable Meeting
3)  20 Jun 2024 14:00 GMT-0000
Tiki Roundtable Meeting
4)  18 Jul 2024 14:00 GMT-0000
Tiki Roundtable Meeting
5)  15 Aug 2024 14:00 GMT-0000
Tiki Roundtable Meeting
6)  19 Sep 2024 14:00 GMT-0000
Tiki Roundtable Meeting
7) 
Tiki birthday
8)  17 Oct 2024 14:00 GMT-0000
Tiki Roundtable Meeting
9)  21 Nov 2024 14:00 GMT-0000
Tiki Roundtable Meeting
10)  19 Dec 2024 14:00 GMT-0000
Tiki Roundtable Meeting