[Code] Is there a proper way to report security issue in php-openid?
Marco Ceppi
marco at ceppi.net
Mon Aug 12 06:58:04 UTC 2013
While this is being discussed off-list, I'd like to propose a method of how
to report security issues, via some escalation path, that maintainers and
trusted contributors can read and respond to outside of the public scope. I
know in Launchpad you can specify if a bug is a security issue, which would
notify only the project's members and make the bug only visible to them
until the "security" flag was removed.

I don't think there is a comparable feature in GitHub, so would setting up
a second list be something to investigate? Or should we just have in the
README to email X, Y, and Z with the issue?

Thanks
Marco Ceppi
On Sun, Aug 11, 2013 at 6:55 PM, Kousuke Ebihara <kousuke at co3k.org> wrote:
> Hi,
>
> I've found a security vulnerability in the current master branch of
> php-openid (ed87a679d5ef18178b0f0c0c41f9e391e21267ac).
>
> https://github.com/openid/php-openid
>
> So I want to report it ASAP, but I can't see where I should report it to.
>
> Is there a proper way to report security issue in php-openid?
>
> Thanks,
> Kousuke
>
> --
> Kousuke Ebihara <kousuke at co3k.org>
> http://co3k.org/
> _______________________________________________
> Code mailing list
> Code at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-code
>