[SR-Users] Kamailio Security Policy - How to handle vulnerability reports

Olle E. Johansson oej at edvina.net
Wed Feb 25 21:53:16 CET 2015


On 25 Feb 2015, at 18:56, Daniel Tryba <d.tryba at pocos.nl> wrote:

> On Wednesday 25 February 2015 18:14:06 Olle E. Johansson wrote:
>> Thank you for the feedback!
> 
> BTW the Yes to is this a good thing meant: this is a really good idea to have
> in writing. But you still have to rely on the bugfinders to realize the
> impact/need for secrecy.
+1000 - this was discussed during the dev meeting.

> 
>>> But I fail to see how a pgp key for security is really important. Is
>>> there a PKI for kamailio releases?
>>> http://www.kamailio.org/pub/kamailio/latest/src/ contains the latest
>>> version, but there is no way to verify if this is really the latest
>>> release. No ssl, no dnssec, no signed checksums. These should be
>>> considered also.
>> 
>> I would love seeing signatures
> 
> This needs some release management, this needs to be discussed with Daniel(-
> Constantin) as manager of the project and with the builders of packages.

Agree fully. It's currently out of scope for this document.

/O