Changes between Initial Version and Version 1 of ReportingVulnerabilities


Ignore:
Timestamp:
Dec 20, 2010, 3:43:41 AM (4 years ago)
Author:
dustin
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ReportingVulnerabilities

    v1 v1  
     1If you have discovered a security vulnerability in Buildbot, please be careful in how you disclose it, as the security of many significant projects depends on Buildbot.
     2
     3Here is what we recommend:
     4 1. Email the maintainer (dustin@mozilla.com) directly, explaining the vulnerability in detail and any recommended fixes.  If you have a full-disclosure deadline, please state it clearly.
     5 1. Dustin will reply as soon as possible to indicate that your email was received, and will correspond as the issue is fixed.  He may copy other committers who can help solve the problem.
     6 1. Once a fix is ready, Dustin or another committer will take care of making patch releases for affected versions, committing the fixes, and posting an announcement to the mailing list.  Unless you ask to remain anonymous, you will be credited with discovery of the vulnerability.