Re: [dev] [slock] Where to report possible security vulnerability

From: hiro <23hiro_AT_gmail.com>
Date: Mon, 6 Jul 2015 15:45:57 +0200

the default ubuntu package anyways fails when inputting the password
with segmentation fault.
can't get worse than that :)

On 7/6/15, FRIGN <dev_AT_frign.de> wrote:
> On Mon, 6 Jul 2015 08:49:37 +0100
> Chris Down <chris_AT_chrisdown.name> wrote:
>
> Hey Chris,
>
>> I'm guessing that's the case, but I'd rather err on the side of caution
>> before
>> posting such things to a public list.
>
> given how short the reaction time is here, I'd recommend you to send a
> report to hackers_AT_, which is the general list for development work.
>
> There is no special security reporting mechanism as far as I know, and
> in my opinion, if it's a smaller fix which can be done in less than an
> hour,
> there's no reason to plan time ahead.
>
> Given all suckless software is simple to a certain degree, any security
> matter should be fixable in finite time (unlike some GNU projects).
>
> Cheers
>
> FRIGN
>
> --
> FRIGN <dev_AT_frign.de>
>
>
Received on Mon Jul 06 2015 - 15:45:57 CEST

This archive was generated by hypermail 2.3.0 : Mon Jul 06 2015 - 15:48:09 CEST