<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body>
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      FYI there is <a class="moz-txt-link-abbreviated" href="mailto:security-priv@lists.osgeo.org">security-priv@lists.osgeo.org</a> where several CVE
      reports have been logged.<br>
      <br>
      On 12/5/19 8:34 PM, Regina Obe wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:001b01d5ab9a$b214ab70$163e0250$@pcorp.us">
      <pre class="moz-quote-pre" wrap="">Right now when any one has a security issue of a private nature they either
don't know who to send the notice to or send it to whoever they know on the
PSC.

 

I propose we have a <a class="moz-txt-link-abbreviated" href="mailto:security@postgis.net">security@postgis.net</a> <a class="moz-txt-link-rfc2396E" href="mailto:security@postgis.net"><mailto:security@postgis.net></a>
(similar to how other projects had one)

 

And state if anyone found a security vulnerability in PostGIS  they can send
to this email.

 

Thoughts?

Also who want to handle security issues - can be more than one of us.

 

Thanks,

Regina


</pre>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
postgis-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:postgis-devel@lists.osgeo.org">postgis-devel@lists.osgeo.org</a>
<a class="moz-txt-link-freetext" href="https://lists.osgeo.org/mailman/listinfo/postgis-devel">https://lists.osgeo.org/mailman/listinfo/postgis-devel</a></pre>
    </blockquote>
    <br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Angelos Tzotsos, PhD
Charter Member
Open Source Geospatial Foundation
<a class="moz-txt-link-freetext" href="http://users.ntua.gr/tzotsos">http://users.ntua.gr/tzotsos</a></pre>
  </body>
</html>