Lisa is telling us that they are not telling everyone, only registered moodle sites are being notified. Which leaves sites that didn't bother to register hanging. If there is a problem, then you should let everyone know so they can get it patched as soon as possible or disable the problem (even if that means the site itself). In this case it seems the fixes aren't ready yet, so they are warning the registered people, it's a catch 22, do you warn everyone and then hackers that didn't know about it jump on the bandwagon and start hacking everything they can find (hopefully the warned somehow prevent this until the fix), or do you keep it hush hush, warn the few and hope the hackers that already know about it don't hack too many. I would rather know as soon as possible myself. -----Original Message----- From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of R P Herrold Sent: Monday, October 26, 2009 8:35 AM To: Main PLUG discussion list Subject: Re: [securityalerts] New Moodle releases 1.9.6 and 1.8.10: Securityfixes On Mon, 26 Oct 2009, Lisa Kachold wrote: > Moodle announces more security issues. > > By sending out this "advance security notice" of known exploits to > registered Moodle sites before the security fixes and "press release" > it's clear that Moodle does not fully appreciate the state of web > security today. Literally thousands of web systems exploiters are > already targeting school based Moodle php/mysql sites! and so ? so are sendmail and bind and the Linux kernel each of which announce their holes as well > ---------- Forwarded message ---------- > From: martin@moodle.com > Subject: [securityalerts] New Moodle releases 1.9.6 and 1.8.10: > Security fixes > To: securityalerts@lists.moodle.org > You are getting this email because you subscribed to the Moodle security alerts > list when you registered your Moodle site. (Thanks for registering, by the > way!) I would read this that moodle cares enough to run a security alerts ML exploder, and that they care enough to use it. It seems like sour grapes to complain that the 'free soup' is not seasoned as you like it. -- Russ herrold --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss