--On Sunday, August 8, 2021 3:21 AM +0100 Howard Chu <h...@symas.com> wrote:
Quanah Gibson-Mount wrote:
--On Saturday, August 7, 2021 1:31 PM +0100 Howard Chu <h...@symas.com>
wrote:
Also for clarity: We consider "Critical" bugs to include security
flaws resulting in unauthorized data disclosure, or unauthorized
remote code execution. We do not consider assert() failures or crashes
resulting only in Denial of Service as security flaws.
That's fine as a general statement, but what we need is an explicit
*documented* policy. Likely under "Release Documents" here:
<https://www.openldap.org/software/>
Sounds like you should open a ticket against the website then.
Once we have a clear, concise well formed policy I'll do that.
That's backwards. The ticket has to exist before anyone writes a patch/MR
for it.
As a project, we need to decide on a policy. Once we decide on what that
policy is, we can document it. IMHO this list is the best place to have
that discussion.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
