[mapserver-dev] Motion: Updating the security reporting and workflow process
Jeff McKenna
jmckenna at gatewaygeomatics.com
Fri Feb 28 09:49:32 PST 2020
GeoServer leverages a 'geoserver-security@' list for their PSC security
discussions, similar to the MapServer alias (this was my logic in
implementing the new alias). -jeff
On 2020-02-28 1:47 p.m., Jeff McKenna wrote:
> Yes, in fact it was me who set that up for all projects, but the new
> alias is specific to MapServer PSC (that was my logic for both). -jeff
>
>
>
> On 2020-02-28 1:44 p.m., Angelos Tzotsos wrote:
>> There is also the
>> https://lists.osgeo.org/mailman/listinfo/security-priv mailing list to
>> report this kind of issue, it has worked ok in the past.
>>
>> On 2/28/20 6:36 PM, Jeff McKenna wrote:
>>> There is now a new alias that users can send an initial report to,
>>> that forwards to all PSC members: mapserver-security (at) osgeo (dot)
>>> org
>>>
>>> SteveL has also set up a private 'mapserver-private' repository on
>>> GitHub, to handle valid security reports, privately.
>>>
>>> So therefore:
>>>
>>> Motion: update documentation
>>> (https://mapserver.org/development/bugs.html) to list the steps to
>>> report a security concern, mentioning the first step of sending a
>>> report to mapserver-security (at), and the second step of a PSC member
>>> creating a ticket in the 'mapserver-private' repository.
>>>
>>> +1
>>>
>>> -jeff
>>>
>>>
>>>
>>> If approved I volunteer to update docs now.
>>>
>>>
>>
>>
>
>
--
Jeff McKenna
MapServer Consulting and Training Services
https://gatewaygeomatics.com/