Re: Any guidelines for security related bug reports?
On Tue, Oct 03, 2006, Andrey Romanov wrote:
> Hello here!
> I think, I have found a pretty significant security-related bug in
> OpenSSL library. What are the guidelines for reporting them?
> Should I post it directly on the mailing list? Or to provide the info to
> maintainer first?
These can be passed to a member of the dev team in the first instance, me
for example. Then after any issue has been analysed we'll get back to you.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
OpenSSL Project [url]http://www.openssl.org[/url]
Development Mailing List [email]email@example.com[/email]
Automated List Manager [email]firstname.lastname@example.org[/email]