[Koha-devel] Koha Library Software
MJ Ray
mjr at phonecoop.coop
Fri Jun 3 12:03:50 CEST 2011
Chris Cormack wrote:
> 2011/6/2 Frère Sébastien <semarie-koha at latrappe.fr>:
> > On Wed, Jun 01, 2011 at 09:47:05AM +0200, Paul Poulain wrote:
> >> Next question: we've spoken of a mailing list for such
> >> vulnerabilities. Should we create
> >> vulnerabilities at lists.koha-community.org ? I think it could be
> >> helpfull.
> >
> > I think Koha project need a communication canal for security
> > issues: currently, the only one I know is using the release
> > manager mail...
[...]
> > Personnally, I will choose both: have a list with moderated
> > subscription (the team security), and a component in bugzilla
> > (where the list is the default assignee).
[...]
> I like these ideas. Do we have any dissenting opinions or should we
> make it so?
Please, no closed list for development discussions. If someone finds
a security vulnerability and has a support provider, they should
tell them. If they do not, contact the project release manager -
hopefully we always have release managers who value security highly.
I'd encourage everyone to practice full disclosure and discuss them on
the BTS or koha-devel as much as possible.
Hope that explains,
--
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op.
http://koha-community.org supporter, web and LMS developer, statistician.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire for Koha work http://www.software.coop/products/koha
More information about the Koha-devel
mailing list