Daily snapshots |
Mailing list archive |
This month's Index
Re: libssh2 security
On Saturday, August 20, 2016 17:41:45 Daniel Stenberg wrote:
> Hi friends,
> One of the remaining steps to make us reach 100% "CII best practices", is to
> make sure we document how we deal with security problems and provide a way
> for users to report such problems without immediately disclosing them to
> the public.
> I've written a suggested "security process" for how to handle these sort of
> problems and I've set up an email alias (libssh2-security_at_haxx.se) with a
> closed list of receivers to which suspected vulerabilities can be reported.
> The process is my *suggested* approach and I'm interested in feedback and
> comments to make sure we all agree on it. It is right now already easily
> browsable here:
Looks good to me! Sorry for replying late on this.
> There should be very few surprises in that. It is basically the same
> document I've used in the curl project for many years. I stole it from
> there with permission since I wrote the original =)
> I'll make it viewable from the web site too in a day or two, depending on
> the feedback here.
Received on 2016-08-22
the libssh2 team