4 Apr
2018
4 Apr
'18
9:14 a.m.
Am Dienstag, 3. April 2018, 22:59:42 CEST schrieb Daniel-Constantin Mierla:
Hi Daniel,
I understand your reasoning.
We have neither on https://www.kamailio.org/w/mailing-lists/ or
https://www.kamailio.org/w/support/ any contact information for confidential
security issues. But maybe I did not saw it correctly.
You are right, in the past people figure it out to send it to somebody from
the core developer group. But people are in vacation or during extended
traveling etc.., therefore I see a benefit in having a distribution list for
this issues. It don't need to be the management, we just don't have right now
anything different.?
Best regards,
Henning
I will change
it to involve only security bugs, this way we could easily
change it when we have a dedicated security contact address. If we get to
much spam, I will remove it completely.
I still think this is not the right way to do it, but remove it
completely. It is not across all modules, only couple of them.
And again, so far nobody actually used it. When having to report
something more sensitive, people found the way to do it.
Management doesn't have to do anything with those modules and should not
get involved in their readme. There is a contact page with more details
on project's website.