[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-meisters] Security reports

From: Peter Bex
Subject: Re: [Chicken-meisters] Security reports
Date: Thu, 31 Mar 2011 13:30:28 +0200
User-agent: Mutt/

On Thu, Mar 31, 2011 at 01:27:52PM +0200, Felix wrote:
> From: Peter Bex <address@hidden>
> Subject: [Chicken-meisters] Security reports
> Date: Thu, 31 Mar 2011 13:06:17 +0200
> > Hello all,
> > 
> > I was enjoying myself with making fun at Chamilo for having a shitty
> > security process, but then I realised our situation isn't better; we
> > have no documented way to report security issues (with eggs and/or
> > chicken itself).
> > 
> > I propose setting up a address@hidden, which optionally
> > just sends mail to the chicken-meisters.  This should then be clearly
> > listed on the main page, and on the wiki.  We should then
> > probably announce it on chicken-users, or chicken-hackers too.
> > 
> > If we get this set up we might also document a "security process"
> > that describes how security issues are handled.
> > 
> > What do y'all think?
> Sorry, but what is a "security process"?

Just a clearly documented description of how security issues are handled.
This helps security research perform responsible disclosure.

Something like

Maybe this is all too much "process". In any case, we do need to document
whatever little process we have, and where to send issues.

"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth

reply via email to

[Prev in Thread] Current Thread [Next in Thread]