On Friday, 4 January 2019 2:02:20 AM AEDT Florian Zumbiehl via Exim-dev wrote: > Hi, > > > For the record, if you have a sensitive security issue, please mail > > > > secur...@exim.org > > well, that's good to know, I guess, but may I suggest you put that on the > website somewhere?
It probably would be useful to include it on the website, but if you attempt to submit a bug it does have a disclaimer at the top: "If you have a sensitive security issue, please mail secur...@exim.org" although it doesn't have instructions on how to encrypt with the maintainer's public keys. > Just put a text file in > https://www.exim.org/static/doc/security/ or something, that's linked as > "security" from the start page, so that should be easy enough to discover. > > Even knowing the address, the only thing I can find on the web containing > that address are some files in /.github/ in the repo, hosted on github, so > that's kinda impossible to find. > > Adding a file in the root of the repo might also be a good idea ... > > Regards, Florian -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##