Hi

>> Could you outline what you'd like to have in this policy. Not explicitly
>> for this question you raised but more in general. Maybe it's indeed
>> interesting to have one.
>
> As someone who works as a security professional and has spent the
> last week interacting with a small army of auditors I vote that
> security policy is often a pain in the arse. :)
>
> There are some examples of FOSS security policies:
>
> http://www.debian.org/security/
> http://www.netbsd.org/support/security/
>
> And of course Google will show a few more up - I believe Mozilla has
> one.
>
> Generally speaking they define a few basics:
>
> 1. Who is accountable for security
> 2. What to do if you find a security issue and where to report
> security issues
> 3. How security patches are handled
> 4. The project's disclosure policy

ic, thought it's going into this direction, but wasn't sure. thanks!

cheers pete