[SR-Users] Kamailio Security Policy - How to handle vulnerability reports

Daniel Tryba d.tryba at pocos.nl
Wed Feb 25 18:56:21 CET 2015


On Wednesday 25 February 2015 18:14:06 Olle E. Johansson wrote:
> Thank you for the feedback!

BTW the Yes to is this a good thing ment: this is a really good idea to have 
in writing. But you still have to rely on the bugfinders to realize the 
impact/need to secrecy.

> > But I fail to see how a pgp key for security is really important. Is
> > there a PKI for kamailio releases?
> > http://www.kamailio.org/pub/kamailio/latest/src/ contains the latest
> > version, but there is no way to verify if this is really the latest
> > release. No ssl, no dnssec, no signed checksums. These should be
> > considered also.
> 
> I would love seeing signatures

This needs some release management, this needs to be discussed with Daniel(-
Constantin) as manager of the project and with the builders of packages.

-- 

Telefoon: 088 0100 700
Sales: sales at pocos.nl | Service: servicedesk at pocos.nl
http://www.pocos.nl/ | Croy 9c, 5653 LC Eindhoven | Kamer van Koophandel 
17097024
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20150225/2b7a6d25/attachment.sig>


More information about the sr-users mailing list