<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body>
<div class="moz-cite-prefix">Hi,<br>
<br>
FYI there is <a class="moz-txt-link-abbreviated" href="mailto:security-priv@lists.osgeo.org">security-priv@lists.osgeo.org</a> where several CVE
reports have been logged.<br>
<br>
On 12/5/19 8:34 PM, Regina Obe wrote:<br>
</div>
<blockquote type="cite"
cite="mid:001b01d5ab9a$b214ab70$163e0250$@pcorp.us">
<pre class="moz-quote-pre" wrap="">Right now when any one has a security issue of a private nature they either
don't know who to send the notice to or send it to whoever they know on the
PSC.
I propose we have a <a class="moz-txt-link-abbreviated" href="mailto:security@postgis.net">security@postgis.net</a> <a class="moz-txt-link-rfc2396E" href="mailto:security@postgis.net"><mailto:security@postgis.net></a>
(similar to how other projects had one)
And state if anyone found a security vulnerability in PostGIS they can send
to this email.
Thoughts?
Also who want to handle security issues - can be more than one of us.
Thanks,
Regina
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
postgis-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:postgis-devel@lists.osgeo.org">postgis-devel@lists.osgeo.org</a>
<a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/postgis-devel">https://lists.osgeo.org/mailman/listinfo/postgis-devel</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Angelos Tzotsos, PhD
Charter Member
Open Source Geospatial Foundation
<a class="moz-txt-link-freetext" href="http://users.ntua.gr/tzotsos">http://users.ntua.gr/tzotsos</a></pre>
</body>
</html>