Security point of contact

Seb seb at wilzba.ch
Thu Jun 28 12:35:08 UTC 2018


On Sunday, 10 June 2018 at 00:59:11 UTC, Cym13 wrote:
> On Sunday, 10 June 2018 at 00:31:55 UTC, Vladimir Panteleev 
> wrote:
>> [...]
>
> This is the thing exactly, first of all the idea that the main 
> developer of the part of the project impacted should be the one 
> receiving the report is sound but far from obvious. In many 
> countries there is a (stupid) legal risk associated with 
> vulnerability disclosure, so as a researcher you'd rather be 
> sure that you're talking to the right person.
>
> [...]

Another step at setting such a security point of contact up:

https://github.com/dlang/dlang.org/pull/2398

Input is welcome.


More information about the Digitalmars-d mailing list