[ProgSoc] Why you shouldn't pus config info in a .ini file (for a web app)
Nigel Sheridan-Smith
wtfiwtz at gmail.com
Sat Aug 20 07:10:54 EST 2011
On Fri, Aug 19, 2011 at 9:51 PM, John Elliot <jj5 at jj5.net> wrote:
> On 19/08/2011 8:51 PM, Leefe Hicks wrote:
>
>> What is the correct procedure for reporting to an Open Source project a
>> security flaw that you can drive a truck through?
>>
>
> I'd probably try to find an email address for one of the active devs and
> email them privately.
>
>
>
The larger projects will have a "security" page with a contact email address
for reporting any issues. You could also file a bug if this is available to
you.
Cheers,
Nigel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://progsoc.org/pipermail/progsoc/attachments/20110820/9a99212e/attachment.html>
More information about the Progsoc
mailing list