> I completely agree with Matt. This was the idea I wanted to say in my
> former post. Don't mix development docs (like changelog) with security ones
> (security advisories, etc). IMHO, the correct procedure for
> SquirrelMail (or other important project) would be to open a security
> section where security announcements were placed and sending _also_ these
> announcements to security lists (at least, Bugtraq). I'm not a developer
> but this is exactly what I usually do if I discover a security-related bug
> in any piece of software.

I agree that a separate security section on our website could aid in the communication of security issues. I will bring this up within the project; I think there won't be much protest against that.

Thijs