[clug] CLUG Wiki

Alex Satrapa grail at goldweb.com.au
Wed Jan 5 03:41:40 GMT 2005

On 5 Jan 2005, at 13:22, Nigel Cunningham wrote:

> Perhaps I'm just an ignoramous (you can't know everything!), but I
> thought those issues were dealt with.

They were. The "did no behave well publically" part is actually due to  
the "security researcher" who publically announced the vulnerabilities  
two days after trying to contact the TWiki authors, without waiting for  
the TWiki authors to contact all registered TWiki users. Said  
"researcher" then went on to badmouth TWiki and its authors. I guess  
Steve listened.


So yes, TWiki suffers from unforgivably poor coding practices  
(bypassing Taint checking with a match-all regex) and lazy programmers  
attending to some portions. Have you reviewed all the source code for  
your chosen wiki?


More information about the linux mailing list