Re: Aw: Re: Aw: Re: Security Mailing List
> Hi!
>
> > We dont have anything of that nature, for the simple reason people could subscribe to it in order to obtain information on getting access to tiki sites.
>
> This is a noble attitude, but please let me ask why other projects do have a security announce mailing list. I do see the problem, that such a list could help crackers to easily obtain info about weaknesses. OTOH I can't see a reasonable way to receive security advisories with patches in time. Except that I have to poll your site periodically, but that is not what I'm searching for (and what I have time for).
>
> Would it be possible for the TikiWiki project to distribute such security advisories in a subscribable mailing list, where these advisories don't disclose exact how-tos on hacking TikiWiki, but just a short comment on the severity of the problem and a link to a patch?
>
That kind of advistory is usually announced on tikiwiki-users / tikiwiki-devel mailing list.