[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-cont
Re: [Health-dev] [bug #58584] Various security issues for gnuhealth-control
Wed, 17 Jun 2020 14:53:10 +0100
On Wed, 17 Jun 2020 13:47:13 +0200
Axel Braun <firstname.lastname@example.org> wrote:
> Hello Luis,
> I have already informed you three month ago in a private, encrypted
> mail about this issue - solution was provided on 23 March, as well in
> an encrypted mail.
I know you have acted in good faith, and I appreciate your
commitment, but what you have done is wrong. Possible vulnerabilities
must be reported to email@example.com. That is the only place.
We're all swamped by emails, that is why I have taken the time to
document how to document a section on GNU Health security and how to
report security issues.
> Release 3.6.4 was one month ago, and I had emphasized this to you as
GNU Health setup and GNU Health control center have their own
development process, independent of the GH HMIS.
> Too bad that it was ignored, as I just found out.
We all learn from our mistakes. Important thing is that you have acted
in good faith, and now you know the right email and way to report
possible security vulnerabilities.
Let me take the opportunity to thank Johannes and the openSUSE security
team for your work on strengthening GH!
Al the best,
Dr. Luis Falcon, MD, MSc
President, GNU Solidario
GNU Health: Freedom and Equity in Healthcare
Fingerprint: ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199