Security point of contact
Seb
seb at wilzba.ch
Thu Jun 28 12:35:08 UTC 2018
On Sunday, 10 June 2018 at 00:59:11 UTC, Cym13 wrote:
> On Sunday, 10 June 2018 at 00:31:55 UTC, Vladimir Panteleev
> wrote:
>> [...]
>
> This is the thing exactly, first of all the idea that the main
> developer of the part of the project impacted should be the one
> receiving the report is sound but far from obvious. In many
> countries there is a (stupid) legal risk associated with
> vulnerability disclosure, so as a researcher you'd rather be
> sure that you're talking to the right person.
>
> [...]
Another step at setting such a security point of contact up:
https://github.com/dlang/dlang.org/pull/2398
Input is welcome.
More information about the Digitalmars-d
mailing list