incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Bromhead <...@instaclustr.com>
Subject Re: Best avenue for reporting security issues
Date Wed, 18 Dec 2013 01:06:10 GMT
No worries, message sent

Ben Bromhead
Instaclustr | www.instaclustr.com | @instaclustr | +61 415 936 359

On 18 Dec 2013, at 10:35 am, Aleksey Yeschenko <aleksey@apache.org> wrote:

> Hi Ben,
> 
> Send it to me, I'll handle it.
> 
> Thanks
> 
> 
> On Wed, Dec 18, 2013 at 2:30 AM, Ben Bromhead <ben@instaclustr.com> wrote:
> 
>> Hi guys
>> 
>> We’ve come across a bug with potential security implications and in the
>> spirit of responsible disclosure whats the best path for reporting it /
>> submitting patches without making the issue public until a fixed version of
>> Cassandra is released?
>> 
>> As a follow up I would propose that the Cassandra project should have
>> security@cassandra.apache.org mailing address, where sensitive issues can
>> be reported to the core dev team without it being made public.
>> 
>> Regards
>> 
>> Ben Bromhead
>> Instaclustr | www.instaclustr.com | @instaclustr | +61 415 936 359
>> 
>> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message