[sr-dev] module FAQ, private contact replacement
Henning Westerholt
hw at kamailio.org
Wed Apr 4 08:14:21 CEST 2018
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin Mierla:
> > I will change it to involve only security bugs, this way we could easily
> > change it when we have a dedicated security contact address. If we get to
> > much spam, I will remove it completely.
>
> I still think this is not the right way to do it, but remove it
> completely. It is not across all modules, only couple of them.
>
> And again, so far nobody actually used it. When having to report
> something more sensitive, people found the way to do it.
>
> Management doesn't have to do anything with those modules and should not
> get involved in their readme. There is a contact page with more details
> on project's website.
Hi Daniel,
I understand your reasoning.
We have neither on https://www.kamailio.org/w/mailing-lists/ or
https://www.kamailio.org/w/support/ any contact information for confidential
security issues. But maybe I did not saw it correctly.
You are right, in the past people figure it out to send it to somebody from
the core developer group. But people are in vacation or during extended
traveling etc.., therefore I see a benefit in having a distribution list for
this issues. It don't need to be the management, we just don't have right now
anything different.?
Best regards,
Henning
More information about the sr-dev
mailing list