janI wrote on Tue, Mar 05, 2013 at 00:41:42 +0100: > On 5 March 2013 00:24, Daniel Shahaf <danie...@apache.org> wrote: > > > Andrea Pescetti wrote on Mon, Mar 04, 2013 at 22:05:42 +0100: > > > janI wrote: > > >> As you can read below, mediawiki has just released a security release. > > >> We are currently not hit by the issues noted in the mail. > > >> However I would like to ask the community if we should upgrade or wait > > for > > >> a later release ? > > > > > > Security issues are one of the few cases where we prefer that all > > > conversations happen in private (infrastructure-private, that you CCed, > > > seems right). > > > > Security issues in services running on apache.org hardware should be > > reported to root@, rather than infra-private@. > > > > I dont get it....I forwarded a PUBLIC email, about a security relase, NOT a > security issue, just to get an opinion from the community, because if > installed someone has to test it !! > > It is really not easy to something right.
Can you please not take this personally? It was just a commit review. To the point: I agree with Andrea: it would have been good if you had been more conservative and discussed the security implications privately. That's because of the a small chance that your assessment that the announced issue does not affect ooo-wiki2-vm will turn out to be a false negative: if somebody replies to your post and says "Hey, false negative", you really want _that_ to happen privately. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
