[mapserver-dev] Motion: Updating the security reporting and workflow process
Jeff McKenna
jmckenna at gatewaygeomatics.com
Fri Feb 28 09:47:55 PST 2020
Yes in fact it was me who set that up for all projects , but the new
alias is specific to MapServer PSC (that was my logic for both). -jeff
On 2020-02-28 1:44 p.m., Angelos Tzotsos wrote:
> There is also the https://lists.osgeo.org/mailman/listinfo/security-priv
> mailing list to report this kind of issues, it has worked ok in the past.
>
> On 2/28/20 6:36 PM, Jeff McKenna wrote:
>> There is now a new alias that users can send an initial report to,
>> that forwards to all PSC members: mapserver-security (at) osgeo (dot) org
>>
>> SteveL has also setup a private 'mapserver-private' repository on
>> Github, to handle valid security reports, privately.
>>
>> So therefore:
>>
>> Motion: update documentation
>> (https://mapserver.org/development/bugs.html) to list the steps to
>> report a security concern, mentioning the first step of sending report
>> to mapserver-security (at), and second step of a PSC member creating a
>> ticket in the 'mapserver-private' repository.
>>
>> +1
>>
>> -jeff
>>
>>
>>
>> If approved I volunteer to update docs now.
>>
>>
>> _______________________________________________
>> mapserver-dev mailing list
>> mapserver-dev at lists.osgeo.org
>> https://lists.osgeo.org/mailman/listinfo/mapserver-dev
>
>
--
Jeff McKenna
MapServer Consulting and Training Services
https://gatewaygeomatics.com/
More information about the mapserver-dev
mailing list