Date: prev next · Thread: first prev next last
2014 Archives by date, by thread · List index

[tdf-discuss] Process for resolving security issues

I'm not sure whether this is the right list, but it will do for a start.

I would like to understand what process is in place for handling security issues. The question has arisen because of bug 51819, a serious security issue which was reported more than 18 months ago.

Getting that bug resolved is important enough, but even more important is knowing what process is in place to track and resolve security issues. Who at a senior TDF level is responsible for managing security? What are the guidelines for the process? Are these documented?

FWIW, it would be normal in most applications for security issues to always be blockers for the next version and to get the highest development priority. Until resolved ideally they should also be private.

Users need to have confidence that security is being handled professionally on their behalf. The lack of progress on bug 51819 has considerably dented my confidence. Putting a comment in the release notes is really not enough.

Mike Hall

To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
All messages sent to this list will be publicly archived and cannot be deleted


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.