Dear Axel On Wed, 17 Jun 2020 13:47:13 +0200 Axel Braun <axel.br...@gmx.de> wrote:
> Hello Luis, > > I have already informed you three month ago in a private, encrypted > mail about this issue - solution was provided on 23 March, as well in > an encrypted mail. > I know you have acted in good faith, and I appreciate your commitment, but what you have done is wrong. Possible vulnerabilities must be reported to secur...@gnuhealth.org. That is the only place. We're all swamped by emails, that is why I have taken the time to document how to document a section on GNU Health security and how to report security issues. > Release 3.6.4 was one month ago, and I had emphasized this to you as > well. GNU Health setup and GNU Health control center have their own development process, independent of the GH HMIS. > Too bad that it was ignored, as I just found out. We all learn from our mistakes. Important thing is that you have acted in good faith, and now you know the right email and way to report possible security vulnerabilities. Let me take the opportunity to thank Johannes and the openSUSE security team for your work on strengthening GH! Al the best, Luis -- Dr. Luis Falcon, MD, MSc President, GNU Solidario GNU Health: Freedom and Equity in Healthcare www.gnuhealth.org Fingerprint: ACBF C80F C891 631C 68AA 8DC8 C015 E1AE 0098 9199
