[sr-dev] Security incident management

Henning Westerholt henning.westerholt at 1und1.de
Fri Jan 8 11:01:40 CET 2010


On Friday 08 January 2010, Olle E. Johansson wrote:
> > we don't have a dedicated security mailing address at the moment, also
> > because the number of incidents in this regard has been pretty low. What
> > about using the existing 'management' and 'board' lists for this purpose
> > as well?
> 
> Are the old SER team integrated to those lists?

Hey Olle,

no, we've two different lists at the moment:

- management at kamailio dot org
- board at iptel dot org

> > In order to announce security-related bugs I suggest to forward them to
> > the user lists, and also to the (low traffic) kamailio announce list.
> 
> Well, sounds like a good first plan - why don't you put it on the web site
>  as a starting point. We need a document that clearly states the process
>  we've decided.

Sounds good.

> "If you find any security issues with the software, please send e-mail to
>  xxxx at sip-router.org or kamailio.net. From there, a member of the
>  management team will handle it.

Also fine with me, other projects do it like this as well.

> SIP-router security alerts will be sent to the -users list and published on
>  the following URL. Security releases, if needed, will be mentioned in the
>  security alert that will also point out which versions of the software
>  are affected by the issue."

If it's OK to place this on the wiki, you could just create the page and post
the link in this discussion, in order to get more/other feedback. :)

Henning


