[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] security issue

From: Bernhard Reiter
Subject: Re: [Monotone-devel] security issue
Date: Tue, 8 Feb 2005 20:59:46 +0100
User-agent: Mutt/1.3.28i

On Thu, Feb 03, 2005 at 10:30:35AM -0500, graydon hoare wrote:
> (I don't really know what the protocol is for this, or more serious 
> security notices; presumably at some level of visibility and maturity 
> it'll be the "right" thing to do to file a vulnerability report with 
> various parties.. but is that sort of thing necessary while we're still 
> an alpha project with rapidly changing code? I don't know. any advice?)

I would say it is appropriate to issue a security advisory.
Monotone might be in use by people and they probably do not all follow
the development list. 
Point to your advisory from the webpage.
Send it to a few security bulletins.

A new point release properly is a good thing, too.


Attachment: pgpyAN6RSC2hD.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]