Re: [Monotone-devel] security issue

monotone-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] security issue

From:	Bernhard Reiter
Subject:	Re: [Monotone-devel] security issue
Date:	Tue, 8 Feb 2005 20:59:46 +0100
User-agent:	Mutt/1.3.28i

On Thu, Feb 03, 2005 at 10:30:35AM -0500, graydon hoare wrote:
> (I don't really know what the protocol is for this, or more serious 
> security notices; presumably at some level of visibility and maturity 
> it'll be the "right" thing to do to file a vulnerability report with 
> various parties.. but is that sort of thing necessary while we're still 
> an alpha project with rapidly changing code? I don't know. any advice?)

I would say it is appropriate to issue a security advisory.
Monotone might be in use by people and they probably do not all follow
the development list. 
Point to your advisory from the webpage.
Send it to a few security bulletins.

A new point release properly is a good thing, too.

        Bernhard

pgpyAN6RSC2hD.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Monotone-devel] security issue, graydon hoare, 2005/02/03
- Re: [Monotone-devel] security issue, Jon Bright, 2005/02/03
- Re: [Monotone-devel] security issue, Matthew A. Nicholson, 2005/02/03
- Re: [Monotone-devel] security issue, Nathaniel Smith, 2005/02/03
- Re: [Monotone-devel] security issue, Bernhard Reiter <=

Prev by Date: [Monotone-devel] Re: Error in Pull
Next by Date: [Monotone-devel] But Wait, There's More!
Previous by thread: Re: [Monotone-devel] security issue
Next by thread: [Monotone-devel] Re: Netsync commit failure
Index(es):
- Date
- Thread