Date: Mon, 31 Jan 2011 12:00:54 +0100
From: Tomas Hoger <thoger@...hat.com>
To: strenholme.usenet@...il.com
Cc: oss-security@...ts.openwall.com, list@...adns.org, geissert@...ian.org,
    atomo64@...il.com, coley@...re.org
Subject: Re: MaraDNS 1.4.06 and 1.3.07.11 released

Hi Sam!

On Sat, 29 Jan 2011 22:21:08 -0700 Sam Trenholme wrote:

> I would like to thank Mr. Witold Baryluk for pointing out this issue,
> taking the time to backtrace the bug, and for bringing it to my
> attention by posting to the MaraDNS mailing list. However, I need to
> let him know that making this public by filing a public Debian bug
> without first trying to contact me is not the appropriate way to
> handle a security problem with MaraDNS. The appropriate way to do so
> is via private email. My email address is here:
>
> http://samiam.org/mailme.php

I think it may be a good idea to have this preferred way of receiving
security reports for MaraDNS documented on the project web site in a way
that does not make it hard to find.

I took a quick look at the maradns.org web to see what contact info I
can find as someone who may want to report a security flaw, but does not
have any closer relationship with project's upstream or community. The
main page suggests using mailing list for bug reports. There is the
contact.html page that does document what to do when reporting security
issue, but the page does not seem to be linked from other pages (I
noticed it thanks to the web site copy bundled in the maradns source
tarball). There's a link from sponsors.html, but that page is no longer
linked from the site menu. So while the info is there, I don't see an
easy way to find it by following links from the main page. Maybe that's
something you may want to change.

Just my 2c, HTH.

--
Tomas Hoger / Red Hat Security Response Team