Re: [dev] [slock] Where to report possible security vulnerability

From: FRIGN <>
Date: Mon, 6 Jul 2015 15:25:10 +0200

On Mon, 6 Jul 2015 08:49:37 +0100
Chris Down <> wrote:

Hey Chris,

> I'm guessing that's the case, but I'd rather err on the side of caution before
> posting such things to a public list.

given how short the reaction time is here, I'd recommend you to send a
report to hackers_AT_, which is the general list for development work.

There is no special security reporting mechanism as far as I know, and
in my opinion, if it's a smaller fix which can be done in less than an hour,
there's no reason to plan time ahead.

Given all suckless software is simple to a certain degree, any security
matter should be fixable in finite time (unlike some GNU projects).



Received on Mon Jul 06 2015 - 15:25:10 CEST

This archive was generated by hypermail 2.3.0 : Mon Jul 06 2015 - 15:36:08 CEST