[Phpmyadmin-devel] Security issues

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Thu Oct 14 07:10:34 CEST 2004 

Michal C(ihar( a écrit:

> On Thu 14. 10. 2004 15:17, Marc Delisle wrote:
> 
>>So you think that users, reading the security information in a document
>>that is clearly labeled as being for 2.6.0-pl2, will conclude that there
>>won't be any bugs or security announcements later? I am not sure to agree
>>with you.
> 
> 
> No, but users usually don't need to know which bugs were in previous versions, 
> but what bugs are in version they use. So they anyway need to look for such 
> thing on our web. These issues should be archived, but they are IMHO not 
> needed to be in documentation (which anyway should be somehow structured, it 
> is getting too large).

Michal,

I think the doc *is* structured but too large. You mean it should be splitted in smaller
documents? It could be done. They only thing I miss in smaller documents is the ability
to search using my browser's facilities, in case a notion is covered in more than one
document.

Once in a while we discuss about this, also about the doc source format, the possible
generation of one HTML file or many small, a formal way of translating the doc, etc.

> 
> 
>>Besides, we have localized versions of the doc for some languages. It would
>>be interesting to have the localized version of the security alerts too.
> 
> 
> Well till now I thought we have just these partly translated old unmaintained 
> documents, but it looks like you're translating regularly french version. 

I am lucky to have a volunteer from France who is maintaining this doc.

> Anyway I'd like to keep security alerts separately as I don't see any use in 
> having this in documentation. (In how many other projects have you seen such 
> section in documentation?)
> 
Well, at least I hope their doc has pointers about security matters.

Ok you have convinced me. Maybe other devs can comment too about this issue?

> 
>>Also, I find it important that the documents we produce be in the CVS,
>>especially for matters about security.
> 
> 
> When you make security announcement you are not supposed to change it later so 
> version control is not needed at all.

I was not thinking about version control but about backup. Right now we do not
have a regular backup system for the shell server's htdocs directory.
That's why I opened a pma_localized_docs structure in CVS.
> 
> 
>>But I am not against a new Security section, with relevant links.
> 
> 
> At least something :-)

he he he :)
>

More information about the Developers mailing list