On Friday, 4 January 2019 2:02:20 AM AEDT Florian Zumbiehl via Exim-dev wrote:
> Hi,
> > For the record, if you have a sensitive security issue, please mail
> > 
> >     secur...@exim.org
> well, that's good to know, I guess, but may I suggest you put that on the
> website somewhere? 

It probably would be useful to include it on the website, but if you attempt 
to submit a bug it does have a disclaimer at the top: "If you have a sensitive 
security issue, please mail secur...@exim.org"  although it doesn't have 
instructions on how to encrypt with the maintainer's public keys.

> Just put a text file in
> https://www.exim.org/static/doc/security/ or something, that's linked as
> "security" from the start page, so that should be easy enough to discover.
> Even knowing the address, the only thing I can find on the web containing
> that address are some files in /.github/ in the repo, hosted on github, so
> that's kinda impossible to find.
> Adding a file in the root of the repo might also be a good idea ...
> Regards, Florian

## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Reply via email to