On Saturday, August 20, 2016 17:41:45 Daniel Stenberg wrote:
> Hi friends,
>
> One of the remaining steps to make us reach 100% "CII best practices", is to
> make sure we document how we deal with security problems and provide a way
> for users to report such problems without immediately disclosing them to
> the public.
>
> I've written a suggested "security process" for how to handle these sorts of
> problems and I've set up an email alias (libssh2-secur...@haxx.se) with a
> closed list of receivers to which suspected vulnerabilities can be reported.
>
> The process is my *suggested* approach and I'm interested in feedback and
> comments to make sure we all agree on it. It is right now already easily
> browsable here:
>
> https://github.com/libssh2/libssh2/blob/master/docs/SECURITY.md

Looks good to me! Sorry for replying late on this.

Kamil

> There should be very few surprises in that. It is basically the same
> document I've used in the curl project for many years. I stole it from
> there with permission since I wrote the original =)
>
> I'll make it viewable from the web site too in a day or two, depending on
> the feedback here.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel