[development] How to report a security issue

Chris Johnson cxjohnson at gmail.com
Wed Jan 23 17:13:02 UTC 2008

On Jan 23, 2008 5:14 PM, Ivan Sergio Borgonovo <mail at webthatworks.it> wrote:
> On Wed, 23 Jan 2008 09:52:35 -0500
> "Khalid Baheyeldin" <kb at 2bits.com> wrote:

> > The team is entirely volunteer driven, and the amount of work is
> > very large for it to handle. We recently asked for more volunteers
> > and got maybe 3 responses total.
> > The process mentioned above spells it out. You should coordinate
> > with security and only commit when the SA is ready.
> Please, please, please... if I wrote what I wrote I had good reasons
> to write it. I'd prefer not to discuss details here. But I'd like to
> avoid the the impression I'm an asshole and the problem can be
> ignored.

Ok, so in 100 words or less, just exactly are the top 2 "good reasons
to write it?"  I just want to be sure I am not missing the point,
because right now I'm having a hard time discerning just what those
good reasons are.  It seemed to me that Khalid addressed most of your
points quite fairly.  What was missed?

If we really screwed up, I'd like to know about it.  Thanks.

More information about the development mailing list