[mapserver-dev] Motion: Updating the security reporting and workflow process
Angelos Tzotsos
gcpp.kalxas at gmail.com
Fri Feb 28 09:44:09 PST 2020
There is also the https://lists.osgeo.org/mailman/listinfo/security-priv
mailing list to report this kind of issues, it has worked ok in the past.
On 2/28/20 6:36 PM, Jeff McKenna wrote:
> There is now a new alias that users can send an initial report to,
> that forwards to all PSC members: mapserver-security (at) osgeo (dot) org
>
> SteveL has also setup a private 'mapserver-private' repository on
> Github, to handle valid security reports, privately.
>
> So therefore:
>
> Motion: update documentation
> (https://mapserver.org/development/bugs.html) to list the steps to
> report a security concern, mentioning the first step of sending report
> to mapserver-security (at), and second step of a PSC member creating a
> ticket in the 'mapserver-private' repository.
>
> +1
>
> -jeff
>
>
>
> If approved I volunteer to update docs now.
>
>
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-dev
--
Angelos Tzotsos, PhD
Charter Member
Open Source Geospatial Foundation
http://users.ntua.gr/tzotsos
More information about the mapserver-dev
mailing list