[announce] New Horde Vendor coordination list

Chuck Hagenbuch chuck at horde.org
Wed Feb 6 16:31:30 UTC 2008


Horde community-

We have created a new mailing list for coordinating security releases  
with vendors who distribute packaged versions of Horde, with the goal  
of making coordinated release of fixes easier for all involved, and  
thus more timely and safer for users.

For perhaps obvious reasons - the confidentiality of security reports  
- this is a private list with moderated subscription. If you are  
involved in packaging Horde for a distribution, please ask to  
subscribe at http://lists.horde.org/mailman/listinfo/vendor. If you  
are not already familiar with the Horde core development team, you  
should also send a note to core at horde.org letting us know how we can  
verify your involvement in packaging. Again, this is not to create an  
arbitrary barrier to entry and information, but to ensure that we can  
respect security researchers' wishes in keeping reports confidential  
until a coordinated release of any issues and the associated fixes is  
made.

For more information on Horde's security procedures, please see  
http://wiki.horde.org/SecurityManagement

Thanks,
-chuck


More information about the announce mailing list