[Phpmyadmin-devel] Security issues
DelislMa at CollegeSherbrooke.qc.ca
Thu Oct 14 07:10:34 CEST 2004
Michal C(ihar( a écrit:
> On Thu 14. 10. 2004 15:17, Marc Delisle wrote:
>>So you think that users, reading the security information in a document
>>that is clearly labeled as being for 2.6.0-pl2, will conclude that there
>>won't be any bugs or security announcements later? I am not sure to agree
> No, but users usually don't need to know which bugs were in previous versions,
> but what bugs are in version they use. So they anyway need to look for such
> thing on our web. These issues should be archived, but they are IMHO not
> needed to be in documentation (which anyway should be somehow structured, it
> is getting too large).
I think the doc *is* structured but too large. You mean it should be splitted in smaller
documents? It could be done. They only thing I miss in smaller documents is the ability
to search using my browser's facilities, in case a notion is covered in more than one
Once in a while we discuss about this, also about the doc source format, the possible
generation of one HTML file or many small, a formal way of translating the doc, etc.
>>Besides, we have localized versions of the doc for some languages. It would
>>be interesting to have the localized version of the security alerts too.
> Well till now I thought we have just these partly translated old unmaintained
> documents, but it looks like you're translating regularly french version.
I am lucky to have a volunteer from France who is maintaining this doc.
> Anyway I'd like to keep security alerts separately as I don't see any use in
> having this in documentation. (In how many other projects have you seen such
> section in documentation?)
Well, at least I hope their doc has pointers about security matters.
Ok you have convinced me. Maybe other devs can comment too about this issue?
>>Also, I find it important that the documents we produce be in the CVS,
>>especially for matters about security.
> When you make security announcement you are not supposed to change it later so
> version control is not needed at all.
I was not thinking about version control but about backup. Right now we do not
have a regular backup system for the shell server's htdocs directory.
That's why I opened a pma_localized_docs structure in CVS.
>>But I am not against a new Security section, with relevant links.
> At least something :-)
he he he :)
More information about the Developers