Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
Sep 22, 2009, 2:17:09 PM (14 years ago)
- Author:
-
datallah
- Comment:
-
Fix formatting
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v4
|
v5
|
|
| 5 | 5 | |
| 6 | 6 | = Process for Developers = |
| 7 | | 1. |
| 8 | | a) When a bug is reported to the security@pidgin.im mailing list, reply to the reporter with an email based on this template: |
| 9 | | Thank you for reporting this problem to us! We will investigate it and make an appropriate fix. In the mean time, we ask that you please not disclose the problem to the public, yet! Please provide us with the following information: TODO |
| 10 | | b) If the bug has already been announced publicly (on devel mailing list, IRC, or Jabber conference), send all information about the bug to security@pidgin.im |
| 11 | | 2. Developers on the security email list should determine an appropriate fix and create a patch. |
| | 7 | 1. Acknowledge receipt of the bug. |
| | 8 | a. When a bug is reported to the security@pidgin.im mailing list, reply to the reporter with an email based on this template: |
| | 9 | {{{ |
| | 10 | Thank you for reporting this problem to us! |
| | 11 | We will investigate it and make an appropriate fix. |
| | 12 | In the mean time, we ask that you please not disclose the problem to the public, yet! |
| | 13 | Please provide us with the following information: TODO |
| | 14 | }}} |
| | 15 | a. If the bug has already been announced publicly (on devel mailing list, IRC, or Jabber conference), send all information about the bug to security@pidgin.im |
| | 16 | 1. Developers on the security email list should determine an appropriate fix and create a patch. |
| 12 | 17 | 1. Once an agreed upon patch has been created, an email based on this template should be sent to the packagers mailing list: |
| 13 | | Subject: Security Vulnerability |
| 14 | | Body: A security vulnerability has been discovered in [Pidgin|Finch|libpurple|other] |
| 15 | | Affected software: [e.x. "Pidgin 2.4.2-2.6.0", or "All clients based on libpurple 2.3.3-2.3.7"] |
| 16 | | Discovered by: [Name of company or individual] |
| 17 | | Public: ["no" or "yes as of YYYY-MM-DD"] |
| 18 | | Embargo date: [Either "none" or the agreed upon date] |
| | 18 | {{{ |
| | 19 | Subject: Security Vulnerability |
| | 20 | Body: A security vulnerability has been discovered in [Pidgin|Finch|libpurple|other] |
| | 21 | Affected software: [e.x. "Pidgin 2.4.2-2.6.0", or "All clients based on libpurple 2.3.3-2.3.7"] |
| | 22 | Discovered by: [Name of company or individual] |
| | 23 | Public: ["no" or "yes as of YYYY-MM-DD"] |
| | 24 | Embargo date: [Either "none" or the agreed upon date] |
| | 25 | }}} |
| 19 | 26 | 1. Announce to the world, create new packages, update security page |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!
