[board] Fwd: [core] Coordination with Debian for security problems ?
Chuck Hagenbuch
chuck at horde.org
Wed Feb 6 04:14:34 UTC 2008
Quoting Ben Klang <ben at alkaloid.net>:
> I agree with spirit of helping our biggest installs protect
> themselves, but we need to be careful and respectful of the grace
> period given to us by the security researchers who report the
> problems. The ability to release the information is their value and
> their notification to us is a courtesy. I would only feel
> comfortable including specific sites (or really, anyone beyond the
> core team and whoever actually codes the fix) if we can guarantee the
> information will be kept confidential until a coordinated release is
> made. It *could* also raise a potentially sticky question of who
> gets the information and who does not (and why not).
I've created this page:
http://wiki.horde.org/SecurityManagement
It may make sense to move this to the main website eventually, but I
figure it could do with editing by other core folks first. It's locked
to guests; please email this list or the vendor list if you do not
have a dev.horde.org account and have suggested changes.
-chuck
More information about the board
mailing list