Page 1 of 1

Suggestion - Security Mailing List

Posted: Sat Jul 22, 2006 7:25 am
by unixboymd
Hi all,

I originally intended to suggest that some type of mail subscription list be set up that pertained only to security related announcement's, since it's been a week or two (or longer) since it was announced that everyone upgrade to 1.0.10. Yet while helping people in the forums, I find people are still running previous versions and had no clue about the security issues of late.

But then I realized that there was no need for an extra piece of code (mail list software) because one could subscribe to a particular form and receive those in e-mail.

This in turn led me to the ANNOUNCMENTS forum, which I am already subscribed to. As the announcement's forum contains alot of items that some (or alot) of people may not wish to clutter their inbox, just so they can receive security advisories about recently discovered security threats found in Joomla or it's 3PD.

So perhaps a SECURITY ANNOUNCMENTS forum should be set-up? I'm not saying that fixes or discussions should take place in this forum, that's what we have the Security Forums for. It should be a "locked" forum and only be used to provide notices to the community, about known and verified security threats to Joomla enabled sites.

The main reason I'm suggesting this is even though the 1.0.10 upgrade and the security issues were posted on the Joomla site that information eventually became replaced as other posts were made to the frontpage. So then it was not as highly visable.

I guess what I'm saying is that I found it and am still finding it highly alarming at the number of people who still don't know about the recent hacking plaque or the 1.0.10 upgrade (even though it's been around 2 weeks since it was originally posted). Yes, it comes down to personal responsibility to keep your site(s) secure, but it gives people a gentle nudge to upgrade & check their site security, when a NOTICE is right in your face.

Thanks for listening,
Roger

Re: Suggestion - Security Mailing List

Posted: Sat Jul 22, 2006 7:27 am
by brad
This is already being worked on.. news in a few days hopefully.. ;) We are taking care of these concerns and will update you all as to how you can keep up with security soon.