Re: [Chicken-meisters] Security reports
From: Peter Bex
Subject: Re: [Chicken-meisters] Security reports
Date: Thu, 31 Mar 2011 13:30:28 +0200
User-agent: Mutt/1.4.2.3i

On Thu, Mar 31, 2011 at 01:27:52PM +0200, Felix wrote:
> From: Peter Bex <address@hidden>
> Subject: [Chicken-meisters] Security reports
> Date: Thu, 31 Mar 2011 13:06:17 +0200
>
> > Hello all,
> >
> > I was enjoying myself with making fun at Chamilo for having a shitty
> > security process, but then I realised our situation isn't better; we
> > have no documented way to report security issues (with eggs and/or
> > chicken itself).
> >
> > I propose setting up a address@hidden, which optionally
> > just sends mail to the chicken-meisters. This should then be clearly
> > listed on the call-cc.org main page, and on the wiki. We should then
> > probably announce it on chicken-users, or chicken-hackers too.
> >
> > If we get this set up we might also document a "security process"
> > that describes how security issues are handled.
> >
> > What do y'all think?
>
> Sorry, but what is a "security process"?

Just a clearly documented description of how security issues are handled.
This helps security researchers perform responsible disclosure.

Something like
http://www.freebsd.org/security/security.html
or
http://drupal.org/security-team

Maybe this is all too much "process". In any case, we do need to document
whatever little process we have, and where to send issues.

Cheers,
Peter
--
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
is especially attractive, not only because it can be economically
and scientifically rewarding, but also because it can be an aesthetic
experience much like composing poetry or music."
-- Donald Knuth