-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Tino,
Jamma Tino Schwarze wrote: > On Thu, May 27, 2010 at 09:28:49PM +0000, halfdog wrote: >> Is there a dedicated security contact for backuppc, e.g. mail address or >> person? > > Craig Barratt <cbarr...@users.sourceforge.net> should be the right > person to talk to. Thanks for your swift reply. I'll try this address. > There's no "dedicated" security contact though. I see. It seems, that most open-source projects lack this kind of information. - From my point of view, it would make sense, that sourceforge and/or the open source community would provide assistance to help project members to establish a minimal security response process. The assistance could be: * Provide information, how to define a simple security strategy, how to nominate security contact(s), how to deal with security issues, and especially when to seek help from people outside the project community, e.g. voluntary open source security professionals or certs. * Add field "security contact" to project information and display it in the "Summary" or maybe "Support" section. When creating a new project, filling this field might increase the awareness and allows to emphasize the importance of security considerations at the beginning of a project. > Are there issues? I am not sure about it, therefore I was looking for a person with deep understanding of backuppc to do some analysis. Kind Regards, Roman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkwCNycACgkQxFmThv7tq+6VzACfb4eyll1whgLrwaFR5sDW61RQ 9/8Anj/NpOnmAplKyrV+cNhxfCUL1Tnd =2xHp -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ _______________________________________________ BackupPC-devel mailing list BackupPC-devel@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-devel Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/
