I'm not sure whether this is the right list, but it will do for a start.

I would like to understand what process is in place for handling security issues. The question has arisen because of bug 51819, a serious security issue which was reported more than 18 months ago.

Getting that bug resolved is important enough, but even more important is knowing what process is in place to track and resolve security issues. Who at a senior TDF level is responsible for managing security? What are the guidelines for the process? Are these documented?

FWIW, it would be normal in most applications for security issues to always be blockers for the next version and to get the highest development priority. Until resolved, ideally they should also be private.

Users need to have confidence that security is being handled professionally on their behalf. The lack of progress on bug 51819 has considerably dented my confidence. Putting a comment in the release notes is really not enough.

--
Mike Hall
www.onepoyle.net

