[postgis-devel] PSC Vote add a security at postgis.net
Regina Obe
lr at pcorp.us
Sat Dec 7 05:30:28 PST 2019
You, strk, and Raul also want to be on the team?
I think only Paul and I answered affirmative to that part (or what I understood to be affirmative).
Thanks,
Regina
From: postgis-devel [mailto:postgis-devel-bounces at lists.osgeo.org] On Behalf Of Darafei "Kom?pa" Praliaskouski
Sent: Saturday, December 7, 2019 12:39 AM
To: PostGIS Development Discussion <postgis-devel at lists.osgeo.org>
Subject: Re: [postgis-devel] PSC Vote add a security at postgis.net
Hi,
+1 (Darafei)
We should define way to handle. In my experience things lead to a trac ticket with description, and a NEWS entry anyway. We may keep it this way - not withholding anything but making it easier for security researchers to ping us, without any subscription/registration.
On Thu, Dec 5, 2019 at 9:35 PM Regina Obe <lr at pcorp.us <mailto:lr at pcorp.us> > wrote:
Right now when any one has a security issue of a private nature they either don’t know who to send the notice to or send it to whoever they know on the PSC.
I propose we have a security at postgis.net <mailto:security at postgis.net> (similar to how other projects had one)
And state if anyone found a security vulnerability in PostGIS they can send to this email.
Thoughts?
Also who want to handle security issues – can be more than one of us.
Thanks,
Regina
_______________________________________________
postgis-devel mailing list
postgis-devel at lists.osgeo.org <mailto:postgis-devel at lists.osgeo.org>
https://lists.osgeo.org/mailman/listinfo/postgis-devel
--
Darafei Praliaskouski
Support me: http://patreon.com/komzpa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/postgis-devel/attachments/20191207/321e778d/attachment.html>
More information about the postgis-devel
mailing list