[sr-dev] module FAQ, private contact replacement

Daniel-Constantin Mierla miconda at gmail.com
Wed Apr 4 09:07:33 CEST 2018


Hello,


On 04.04.18 08:14, Henning Westerholt wrote:
> On Tuesday, 3 April 2018, 22:59:42 CEST, Daniel-Constantin Mierla wrote:
>>> I will change it to involve only security bugs, this way we could easily
>>> change it when we have a dedicated security contact address. If we get too
>>> much spam, I will remove it completely.
>> I still think this is not the right way to do it, but remove it
>> completely. It is not across all modules, only a couple of them.
>>
>> And again, so far nobody actually used it. When having to report
>> something more sensitive, people found the way to do it.
>>
>> Management doesn't have to do anything with those modules and should not
>> get involved in their readme. There is a contact page with more details
>> on project's website.
> Hi Daniel,
>
> I understand your reasoning. 
>
> We have neither on https://www.kamailio.org/w/mailing-lists/ or
> https://www.kamailio.org/w/support/ any contact information for confidential 
> security issues. But maybe I did not see it correctly.

There is also https://www.kamailio.org/w/contact-us/


>
> You are right, in the past people figured it out to send it to somebody from
> the core developer group. But people are on vacation or during extended
> traveling etc., therefore I see a benefit in having a distribution list for
> these issues. It doesn't need to be the management, we just don't have right now
> anything different.
>

If you talk about people not being available in short time, those in
management are quite exposed, because the group is not formed based on
recent activity. The admin group was built for this purpose. You can try
to organize that better or propose something else, I am more than happy
that someone takes care of it.

Anyhow, back to the original issue, that remark is in 14 modules out of
222, so not even in 10%. It was not relevant (not used) for a lot of
years. It should be removed, not revived in only a few places, with a
wrong approach of directing to an address not supposed to be used for
such a case. It should be in one place, where people will find it.

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - April 16-18, 2018, Berlin - www.asipto.com
Kamailio World Conference - May 14-16, 2018 - www.kamailioworld.com



