Hi List,
Cc'ing the dev list too because this raises a question that some googling
doesn't answer - does GeoServer have a Responsible (or Full) Disclosure
policy? I can't seem to find anything which is surprising given the nature
of GeoServer as a server and thus potentially a portal into many
organisations.

Those with commercial support can go to their vendor, but a security
researcher (or just random person) won't have that. And beyond that, it
doesn't address whether GeoServer should go with Full or Responsible
disclosure (or something else) - something for the PSC? Many projects have
a "[email protected]" email address which points to something private.

https://en.wikipedia.org/wiki/Responsible_disclosure
and
https://en.wikipedia.org/wiki/Full_disclosure_(computer_security)

Thoughts?
Cheers,
Jonathan


---------- Forwarded message ----------
From: Isakson Mats <[email protected]>
Date: 9 May 2014 12:32
Subject: [Geoserver-users] Handling of a detected security flaw
To: "[email protected]" <
[email protected]>


 Hi,

In general, how do you handle potential security flaws? Do we discuss the
potential flaw here on the mailing list?



Regards

____________________

*Mats Isakson*

Systems developer



Lantmäteriet, Division Informationsförsörjning

the Swedish mapping, cadastral and land registration authority

Box 820, 981 28 Kiruna

E-mail: [email protected]

Tel: +46 980 670 46

Mobile: +46 72 242 37 24

www.lantmateriet.se



_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users

_______________________________________________
Geoserver-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
