[mapserver-dev] Motion: Updating the security reporting and workflow process

[Jeff McKenna]

There is now a new alias that users can send an initial report to, that 
forwards to all PSC members: mapserver-security (at) osgeo (dot) org

SteveL has also setup a private 'mapserver-private' repository on 
Github, to handle valid security reports, privately.

So therefore:

Motion: update documentation 
(https://mapserver.org/development/bugs.html) to list the steps to 
report a security concern, mentioning the first step of sending report 
to mapserver-security (at), and second step of a PSC member creating a 
ticket in the 'mapserver-private' repository.

+1

-jeff



If approved I volunteer to update docs now.