graham, i can understand the resistence to posts that includes details about exploits.Graham wrote: I would like to remind people here that if they believe they have found an exploit in phpBB code (or a potential one), they should post it - with all the details - to the Security tracker and not on the forum
but could you please explain why a link to such an explanation elsewhere is frowned upon? if a security issue/exploit/script was posted and discussed elsewhere, its not like a link to such page would increase the exposure. otoh, we may learn something, and maybe even implement precautions.
of course, anyone who knows of a problem should post it on the security tracker, i agree, but why fight links to things which are already published elsewhere?