--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu <h...@symas.com> wrote:

Also for clarity: We consider "Critical" bugs to include security
flaws resulting in unauthorized data disclosure, or unauthorized
remote code execution. We do not consider assert() failures or crashes
resulting only in Denial of Service as security flaws.

That's fine as a general statement, but what we need is an explicit
*documented* policy.  Likely under "Release Documents" here:
<https://www.openldap.org/software/>

Sounds like you should open a ticket against the website then.

Once we have a clear, concise, well-formed policy I'll do that.


--Quanah



--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
