Valid point or not, Boris, the way it was said was totally uncalled for. Alex, yes, it was perhaps not handled perfectly, but if you don't like Drupal, "in this regard" why don't you just create your own content management system that works better "in this regard"? Or go find one that handles it better "in this regard"? Chances are that you will not be successful. Karoly and the rest of the security team: better luck this time, and thanks for all your hard work over the months. I may just be another voice on this highly active mailing list, but please be sure that there are other people like me who appreciate your efforts a lot. Kobus
boris@bryght.com 3/14/2006 1:47:59 AM >>>
On 13-Mar-06, at 3:33 PM, Karoly Negyesi wrote:
On Tue, 14 Mar 2006 00:24:40 +0100, Alejandro Exojo <suy@kurly.org> wrote:
El Martes, 14 de Marzo de 2006 01:03, Gerhard Killesreiter escribió:
are now available. See drupal.org/node/53524
I'm really very disappointed about how the Drupal project is handling releases and security advisories. IMHO, it's the worst "big" free software project in this regard.
Thanks for the appreciation of our hard work and your discreet letter to them security team that the sending security newsletters were forgotten. They were written just waited for sending.
Karoly: this is still a valid point. The security advisories *must* go out first, privately, before the public announcement. Do you need help with this next time? I'll volunteer to help manage this. -- Boris Mann Vancouver 778-896-2747 San Francisco 415-367-3595 SKYPE borismann http://www.bryght.com