[Techtalk] Handling security issues when you are upstream
Mary
mary-linuxchix at puzzling.org
Fri Oct 28 11:03:55 EST 2005
On Sat, Oct 08, 2005, Mary wrote:
> Hi everyone,
>
> Anyone know of the current correct procedure for notifying vendors of a
> security hole and a fix when you *are* upstream for the fix?
For people interested in the conclusion of this discussion, someone else
I asked eventually pointed me at Karl Fogel's Free book "Producing Open
Source Software", which has guidelines on security policy and security
notifications here:
http://producingoss.com/html-chunk/publicity.html#security
-Mary
More information about the Techtalk
mailing list