Suggestion - Security Mailing List

If you have any 'mechanical' forum or Joomla! sites related issues/suggestions, please contact the Sites & Infrastructure Workgroup here.

Moderators: brad, Tonie

Forum rules
Forum Rules
READ ME <-- please read before posting, this means YOU.
Post Reply
unixboymd
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Thu Aug 18, 2005 5:53 pm
Location: Washington D.C. & Baltimore, MD Metro
Contact:
Contact unixboymd

Suggestion - Security Mailing List

Post by unixboymd » Sat Jul 22, 2006 7:25 am

Hi all,

I originally intended to suggest that some type of mail subscription list be set up that pertained only to security related announcement's, since it's been a week or two (or longer) since it was announced that everyone upgrade to 1.0.10. Yet while helping people in the forums, I find people are still running previous versions and had no clue about the security issues of late.

But then I realized that there was no need for an extra piece of code (mail list software) because one could subscribe to a particular form and receive those in e-mail.

This in turn led me to the ANNOUNCMENTS forum, which I am already subscribed to. As the announcement's forum contains alot of items that some (or alot) of people may not wish to clutter their inbox, just so they can receive security advisories about recently discovered security threats found in Joomla or it's 3PD.

So perhaps a SECURITY ANNOUNCMENTS forum should be set-up? I'm not saying that fixes or discussions should take place in this forum, that's what we have the Security Forums for. It should be a "locked" forum and only be used to provide notices to the community, about known and verified security threats to Joomla enabled sites.

The main reason I'm suggesting this is even though the 1.0.10 upgrade and the security issues were posted on the Joomla site that information eventually became replaced as other posts were made to the frontpage. So then it was not as highly visable.

I guess what I'm saying is that I found it and am still finding it highly alarming at the number of people who still don't know about the recent hacking plaque or the 1.0.10 upgrade (even though it's been around 2 weeks since it was originally posted). Yes, it comes down to personal responsibility to keep your site(s) secure, but it gives people a gentle nudge to upgrade & check their site security, when a NOTICE is right in your face.

Thanks for listening,
Roger
Patience is something you admire in the driver behind you, but not in one ahead. -- Bill Mcglashen
Top
User avatar
brad
Joomla! Hero
Joomla! Hero
Posts: 2212
Joined: Fri Aug 12, 2005 12:38 am
Skype: tested
Location: Sydney - Australia
Contact:
Contact brad

Re: Suggestion - Security Mailing List

Post by brad » Sat Jul 22, 2006 7:27 am

This is already being worked on.. news in a few days hopefully.. ;) We are taking care of these concerns and will update you all as to how you can keep up with security soon.
Brad Baker - Joomla! Core Team, Sites & Infrastructure.
http://www.rochen.com - Managed Dedicated, Reseller & Multiple Domain Hosting.
http://www.joomlatutorials.com <-- Joomla! 1.5 & 1.0.x
^New Joomla 1.5 Tutorials are out!
Top
Post Reply

Return to “Sites & Infrastructure - Feedback/Information”