Re: FWD: Squirrelmail XSS + SQL security bug?
> I completely agree with Matt. This was the idea I wanted to say in my
> former post. Don't mix development docs (like changelog) with security ones
> (security advisories, etc). IMHO, the correct procedure for
> SquirrelMail (or other important project) would be to open a security
> section where security announcements were placed and sending _also_ these
> announcements to security lists (at least, Bugtraq). I'm not a developer
> but this is exactly what I usually do if I discover a security related bug
> in any piece of software.
I agree that a separate security section on our website could aid in the communication of security issues. I will bring this up within the project; I think there won't be much protest against that.