| From: | Steve Atkins <steve(at)blighty(dot)com> |
|---|---|
| To: | pgsql-www(at)postgresql(dot)org |
| Subject: | Security contacts |
| Date: | 2018-04-20 16:28:37 |
| Message-ID: | 38C67EFF-E902-4F2F-B1CD-AA993118415D@blighty.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Somebody on IRC had a security issue they wanted to get to somebody.
Looking around the site I didn't find any mention of security(at)postgresql(dot)org anywhere obvious. I knew what I was looking for, so found it via Support -> Bug Reporting -> bug reporting guidelines -> right down at the bottom of the manual page.
Might it be worth adding a section to /about/contact/ with either a pointer to security(at)postgresql(dot)org or to a snippet of text taken from the "5.3 Where to Report Bugs" section of the manual?
Separately, adding /security.txt and /.well-known/security.txt might be a good idea - while the RFC draft for it ( https://securitytxt.io ) isn't particularly mature, it is a place where infosec people will look. And it's basically a text file with a few urls and some human readable comments, so it's easy enough to create.
Cheers,
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonathan S. Katz | 2018-04-20 18:46:50 | Re: Surfacing mailing lists on the new site |
| Previous Message | Sarah Schnurr | 2018-04-20 16:19:09 | Re: Surfacing mailing lists on the new site |