Re: [development] Think there's a security problem in your module? Here's what to do.

16 Jan 2008

      Alan

You have a point about not making it easy in the commit message.

But even if we do that, what is the solution to notifying legitimate
users (via RSS, email list), but not the black hats?

We still have to tag releases as security, and issue SAs.

There is no way we can hide that AND inform legitimate users WITHOUT
the black hats knowing.

Khalid Baheyeldin