On Mon, Jan 05, 2015 at 02:23:45PM -0200, Flavio Leitner wrote:
> On Friday, January 02, 2015 01:44:49 PM Ben Pfaff wrote:
> > Open vSwitch needs some kind of process for handling vulnerabilities. So
> > far, we've been pretty lucky that way, but it can't last forever, and I
> > think we'll be better off if we have at least the outline of an established
> > process whenever a significant vulnerability comes along. Here's my draft
> > of a process based on the documentation of the OpenStack process at
> > https://wiki.openstack.org/wiki/Vulnerability_Management.
> >
> > I don't have a lot of experience with this kind of thing myself, so I'd
> > appreciate critical review from anyone who does.
> >
> > Signed-off-by: Ben Pfaff <b...@nicira.com>
> > ---
>
> My concern is with open communications. It should be
> possible for anyone to report the issue, but further communications
> should be authenticated and closed to avoid someone else
> faking messages/patches, etc.

As a list open for posting, anyone can report an issue. I don't know how
to implement the authentication you mention. Is there a customary way to
do it, that will not shut out reporters who do not have some specific
email client etc.?