[tdf-discuss] Process for resolving security issues
I'm not sure whether this is the right list, but it will do for a start.
I would like to understand what process is in place for handling
security issues. The question has arisen because of bug 51819, a serious
security issue which was reported more than 18 months ago.
Getting that bug resolved is important enough, but even more important
is knowing what process is in place to track and resolve security
issues. Who at a senior TDF level is responsible for managing security?
What are the guidelines for the process? Are these documented?
FWIW, it would be normal in most applications for security issues to
always be blockers for the next version and to get the highest
development priority. Until resolved ideally they should also be private.
Users need to have confidence that security is being handled
professionally on their behalf. The lack of progress on bug 51819 has
considerably dented my confidence. Putting a comment in the release
notes is really not enough.
To unsubscribe e-mail to: firstname.lastname@example.org
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted
- [tdf-discuss] Process for resolving security issues · Mike Hall
Impressum (Legal Info)
: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (MPLv2
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our trademark policy