Quanah Gibson-Mount wrote:
--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu <h...@symas.com> wrote:
Also for clarity: We consider "Critical" bugs to include security
flaws resulting in unauthorized data disclosure, or unauthorized
remote code execution. We do not consider assert() failures or crashes
resulting only in Denial of Service as security flaws.
That's fine as a general statement, but what we need is an explicit
*documented* policy. Likely under "Release Documents" here:
<https://www.openldap.org/software/>
Sounds like you should open a ticket against the website then.
Once we have a clear, concise well formed policy I'll do that.
That's backwards. The ticket has to exist before anyone writes a patch/MR for
it.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
