[Phpmyadmin-devel] Security issues

[Michal Čihař]

On Thu 14. 10. 2004 15:17, Marc Delisle wrote:
> So you think that users, reading the security information in a document
> that is clearly labeled as being for 2.6.0-pl2, will conclude that there
> won't be any bugs or security announcements later? I am not sure to agree
> with you.

No, but users usually don't need to know which bugs were in previous versions, 
but what bugs are in version they use. So they anyway need to look for such 
thing on our web. These issues should be archived, but they are IMHO not 
needed to be in documentation (which anyway should be somehow structured, it 
is getting too large).

> Besides, we have localized versions of the doc for some languages. It would
> be interesting to have the localized version of the security alerts too.

Well till now I thought we have just these partly translated old unmaintained 
documents, but it looks like you're translating regularly french version. 
Anyway I'd like to keep security alerts separately as I don't see any use in 
having this in documentation. (In how many other projects have you seen such 
section in documentation?)

> Also, I find it important that the documents we produce be in the CVS,
> especially for matters about security.

When you make security announcement you are not supposed to change it later so 
version control is not needed at all.

> But I am not against a new Security section, with relevant links.

At least something :-)

-- 
    Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20041014/8cf0aa44/attachment.sig>