Re: [rt-pmc] Security Policy
I think the Timing guidelines in the security policy could be better:
* Just having a patch available is not particularly helpful to consumers of a project who don't build from source - presumably the majority.
* One definite guideline should be that vulnerabilities for which a fix has been included in an official release should be disclosed.
Oh and there is a typo on [1]: "Ecipse".
Regards,
Glyn
On 25 May 2011, at 21:57, Wayne Beaton wrote:
> Hey folks.
>
> Please take a look at the new /security site [1] on eclipse.org.
>
> I would very much appreciate your comments on the policy itself and any
> other aspect of the site. From my perspective, the most controversial
> bit is the part where I suggest a three-month maximum period before
> disclosure; there's an ongoing discussion on Bug 337006 [2].
>
> Thanks,
>
> Wayne
>
> [1] http://www.eclipse.org/security
> [2] https://bugs.eclipse.org/bugs/show_bug.cgi?id=337006