[tdf-discuss] Process for resolving security issues

I'm not sure whether this is the right list, but it will do for a start.

I would like to understand what process is in place for handling 
security issues. The question has arisen because of bug 51819, a serious 
security issue which was reported more than 18 months ago.

Getting that bug resolved is important enough, but even more important 
is knowing what process is in place to track and resolve security 
issues. Who at a senior TDF level is responsible for managing security? 
What are the guidelines for the process? Are these documented?

FWIW, it would be normal in most applications for security issues to 
always be blockers for the next version and to get the highest 
development priority. Until resolved ideally they should also be private.

Users need to have confidence that security is being handled 
professionally on their behalf. The lack of progress on bug 51819 has 
considerably dented my confidence. Putting a comment in the release 
notes is really not enough.

--
Mike Hall
www.onepoyle.net


--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted