[ProgSoc] Why you shouldn't pus config info in a .ini file (for a web app)

Nigel Sheridan-Smith wtfiwtz at gmail.com
Sat Aug 20 07:10:54 EST 2011


On Fri, Aug 19, 2011 at 9:51 PM, John Elliot <jj5 at jj5.net> wrote:

> On 19/08/2011 8:51 PM, Leefe Hicks wrote:
>
>> What is the correct procedure for reporting to an Open Source project a
>> security flaw that you can drive a truck through?
>>
>
> I'd probably try to find an email address for one of the active devs and
> email them privately.
>
>
>

The larger projects will have a "security" page with a contact email address
for reporting any issues. You could also file a bug if this is available to
you.

Cheers,

Nigel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://progsoc.org/pipermail/progsoc/attachments/20110820/9a99212e/attachment.html>


More information about the Progsoc mailing list