Hi, On Thu, Oct 20, 2011 at 1:54 PM, Daniel Brown <danbrown@xxxxxxx> wrote: > On Thu, Oct 20, 2011 at 08:02, Jon Watson <jon.watson@xxxxxxxxxxxx> wrote: > > Hi All, > > > > I subscribed to this list thinking that this is where I would get > security > > update notices, but this appears to be more of a general list. I've > looked > > at all the lists available on PHP.net and I don't see one specifically > about > > security. > > Well, hence the "General" in PHP General. So I guess we're doing > something right here. > Absolutely. I was not complaining at all. > > > Can someone tell me which list I should sub to in order to ensure that I > am > > advised of security updates? > > There is no public PHP security mailing list. Instead, we post > things right in the open on the website itself, right on the homepage: > > http://php.net/ OK, thank you. That's not workable for me as I have far too much to keep track of. I need stuff delivered to me so I'll follow up on some of the other lists that you and Matthew mention. > > > There are third-party sites that send out security alerts for > software such as PHP, and you can likely find them easily enough via > Google. Off the top of my head, none are coming to mind by name, but > I have subscribed to their mailings myself over the years, and found > them to be a pretty reliable resource --- some "underground" public > groups are particularly useful for zero-day vulnerabilities. > > -- > </Daniel P. Brown> > Network Infrastructure Manager > http://www.php.net/ >
