[Users] Security response policy

Barry De Graaff barrydg at zetalliance.org
Tue Apr 26 11:50:17 CEST 2016


Hello All,

For the security response policy (for both the rpm/deb repo and the GitHub) I was thinking
of keeping things simple and:

Tell everybody who wants to get the URL to the packages repository to *subscribe* to the
users DL.

Further, I would like to see that some of our GitHub admins and the maintainers of the packages
repo share their PGP fingerprints.

So in case somebody wants to report a security issue, they can just send it PGP-encrypted
to all the admins, avoiding a central security@ account that may go unnoticed.

Then we need to make sure there are always enough admins not on holiday who know how to fix issues
if/when they should occur.

Any thoughts?


Barry