Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[eclipse-pmc] Disclosing resolved vulnerabilities 
Greetings Eclipse PMC. There are several bugs marked "committer-only" in
Bugzilla [1]; some have been so-marked for quite a while. These need to
be disclosed at some point.

I have posted a draft of a security policy [2]. In the policy, I have
suggested a minimum time-to-disclose of three months. But I have left
considerable latitude for the PMC to make their own policy decisions.

How do you plan to handle these bugs?

Your comments on the Security Policy are most welcome. Please post your
comments on Bug 337004 [3].

Thanks,

Wayne

[1]
https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced;field0-0-0=bug_group;type0-0-0=equals;value0-0-0=Security_Advisories;classification=Eclipse
[2] http://www.eclipse.org/security/policy.php
[3] https://bugs.eclipse.org/bugs/show_bug.cgi?id=337004

Back to the top