couchdb-dev mailing list archives

From Dirk-Willem van Gulik <Dirk-Willem.van.Gu...@BBC.co.uk>
Subject Re: Reporting potential security issues
Date Sat, 19 Dec 2009 20:54:48 GMT

On 19 Dec 2009, at 17:19, Florian Weimer wrote:

> What are your preferences for reporting potential security issues?
> Shall I post them here, open a bug, or send them through
> <security@apache.org>?

If it is quite sensitive - please post to security@apache.org; use pgp if/as needed. We'll
pass it on to the developers in private. See http://www.apache.org/security/committers.html
for more details.

Then security@<project>.org is the next level down (which auto cc's to security@apache.org)
- or feel free to consult the AUTHORS file to directly mail the right developer - but do
cc in security@apache.org.

If it is not very sensitive - dev is fine. Do note that security@ usually also triggers CVE and
similar escalation if not yet done.

Shoot me or security@ a private mail if you need a hand with a judgment call.

Thanks,

Dw.


