On Tue, Oct 03, 2006, Andrey Romanov wrote:

> Hello here!
> I think, I have found a pretty significant security-related bug in
> OpenSSL library. What are the guidelines for reporting them?
> Should I post it directly on the mailing list? Or to provide the info to
> maintainer first?

These can be passed to a member of the dev team in the first instance, me
for example. Then after any issue has been analysed we'll get back to you.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org