Peter Meier wrote:
> Could you outline what you'd like to have in this policy. Not explicitly
> for this question you raised but more in general. Maybe it's indeed
> interesting to have one.

As someone who works as a security professional and has spent the last week interacting with a small army of auditors I vote that security policy is often a pain in the arse. :)

There are some examples of FOSS security policies:

http://www.debian.org/security/
http://www.netbsd.org/support/security/

And of course Google will show a few more up - I believe Mozilla has one.

Generally speaking they define a few basics:

1. Who is accountable for security
2. What to do if you find a security issue and where to report security issues
3. How security patches are handled
4. The project's disclosure policy

Regards

James Turnbull

--
Author of:
* Pro Linux Systems Administration (http://tinyurl.com/linuxadmin)
* Pulling Strings with Puppet (http://tinyurl.com/pupbook)
* Pro Nagios 2.0 (http://tinyurl.com/pronagios)
* Hardening Linux (http://tinyurl.com/hardeninglinux)