On 5/13/19 at 11:33 AM, [email protected] (Jonathan Vanasco) pronounced:
> > On Monday, May 13, 2019 at 4:17:05 AM UTC-4, Steve Piercy wrote: > > > > https://pylonsproject.org/community-support.html > > > I think it would make sense to put a formal policy in place requesting > security issues be first reported via the @security email address, they > will be in contact within 72hours or so to discuss if any next steps are > appropriate, and to please refrain from public disclosure or creating > report with CVE within this timeframe. Thanks for bringing this to our attention. We volunteers cannot guarantee a timeframe to respond. I updated the page with an ask not to disclose publicly. --steve ------------------------ Steve Piercy, Eugene, OR -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/r480Ps-10126i-08088CA7AE4846D188658031CDC1D9EC%40Steves-iMac.local. For more options, visit https://groups.google.com/d/optout.
