Yoav,
Sorry, stupid me didn't know [EMAIL PROTECTED] was for httpd only. I guess
then every project has to maintain it's own security mail address if it
needs that. I also guess there is no central handling of security issues
for all ASF projects. I further guess publishing of vulnerabilities is
completely up to the committers. Correct me if I am wrong.
Cheers
Odi
Yoav Shapira wrote:
Ortwin,
There are general guidelines at http://httpd.apache.org/security_report.html.
Basically, if you suspect a security issue, let [EMAIL PROTECTED] know. Let
them worry about filtering it and possibly coming back to you with a message
like "no, this is not an issue, because..." ;)
Yoav
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
