What is the best way to contact sssd developers to discuss security issues privately, in the event that a flaw is discovered?
On Mon, Mar 01, 2021 at 07:32:36PM -0800, Gordon Messmer wrote:
What is the best way to contact sssd developers to discuss security issues privately, in the event that a flaw is discovered?
Hi,
currently we have the following recommendation on https://sssd.io/docs/users/reporting_bugs.html
""" Consider if the bug has security consequences
If you think you found a bug that has security impact (allows an unprivileged user to take down SSSD or elevate privileges for instance), don’t file the bug in a public bug tracker. Instead, e-mail any of the SSSD developers instead. """
Thanks.
bye, Sumit
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.o... Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
sssd-devel@lists.fedorahosted.org
-
Gordon Messmer -
Sumit Bose