Chris Cormack wrote:
> 2011/6/2 Frère Sébastien <[email protected]>:
> > On Wed, Jun 01, 2011 at 09:47:05AM +0200, Paul Poulain wrote:
> >> Next question: we've spoken of a mailing list for such
> >> vulnerabilities. Should we create
> >> [email protected] ? I think it could be
> >> helpful.
> >
> > I think Koha project needs a communication canal for security
> > issues: currently, the only one I know is using the release
> > manager mail... [...]
> > Personally, I will choose both: have a list with moderated
> > subscription (the team security), and a component in bugzilla
> > (where the list is the default assignee). [...]
> I like these ideas. Do we have any dissenting opinions or should we
> make it so?

Please, no closed list for development discussions.

If someone finds a security vulnerability and has a support provider, they should tell them. If they do not, contact the project release manager - hopefully we always have release managers who value security highly.

I'd encourage everyone to practice full disclosure and discuss them on the BTS or koha-devel as much as possible.

Hope that explains,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha
_______________________________________________
Koha-devel mailing list
[email protected]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
