[QGIS-Developer] Reporting security related issues ?

jratike80 jukka.rahkonen at maanmittauslaitos.fi
Wed Feb 12 01:40:44 PST 2020


Hi,

In the Geoserver project we have a dedicated, closed, moderated and not
archived mailing list for reporting vulnerabilities
https://lists.osgeo.org/mailman/listinfo/geoserver-security.

We advice users to use just that mailing list in user documentation
http://geoserver.org/comm/ and in the issue tracker
https://osgeo-org.atlassian.net/projects/GEOS/summary

PSC members are all members on the list and also moderators. Only mails
which are accepted by a moderator are sent to recipients. About 80 percent
of mails are either spam or unknown people are trying to get accepted to the
security list and moderator just deletes those mails. The rest 20% has been
good stuff and in many cases absolutely something that we do not want to see
on the open mailing lists or in the issue tracker.

-Jukka Rahkonen-
 

Sandro Santilli-4 wrote
> Sounds like a treasure hunt. How about writing a few words on
> https://qgis.org/en/site/getinvolved/development/bugreporting.html ?
> Maybe also defining an email alias @qgis.org to receive those
> reports..
> 
> --strk;
> _______________________________________________
> QGIS-Developer mailing list

> QGIS-Developer at .osgeo

> List info: https://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: https://lists.osgeo.org/mailman/listinfo/qgis-developer





--
Sent from: http://osgeo-org.1560.x6.nabble.com/QGIS-Developer-f4099106.html


More information about the QGIS-Developer mailing list