Trac is being migrated to new services! Issues can be found in our new
YouTrack instance and WIKI pages can be found on our
website.
- Timestamp:
-
Dec 19, 2009, 6:25:43 PM (14 years ago)
- Author:
-
MarkDoliner
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v6
|
v7
|
|
| 35 | 35 | }}} |
| 36 | 36 | b. If the bug has already been announced publicly (on devel mailing list, IRC, or Jabber conference), send all information about the bug to security@pidgin.im |
| 37 | | 2. Developers on the security email list should determine an appropriate fix and create a patch. |
| 38 | | 2. Once an agreed upon patch has been created, an email based on this template should be sent to the packagers mailing list |
| | 37 | 2. Developers on the security email list should determine an appropriate fix and create a patch. Do not share it publicly, but do get it reviewed and tested by other developers. |
| | 38 | 2. Once an agreed upon patch has been created, an email based on this template should be sent to the packagers mailing list with the diff attached: |
| 39 | 39 | {{{ |
| 40 | 40 | A security vulnerability has been discovered in [Pidgin|Finch|libpurple|other] |
| … |
… |
|
| 44 | 44 | Embargo date: [Either "none" or the agreed upon date] |
| 45 | 45 | }}} |
| 46 | | 2. Announce to the world, create new packages, update security page |
| | 46 | 2. As the embargo date approaches, a developer should be chosen to commit the fix to their repository. Do not push yet, but go through the normal release process and prepare the ChangeLog, NEWS, etc. This developer should also create (but not upload) tarballs. It's often nice to provide the tarball to packagers prior to the embargo date. |
| | 47 | 2. On the day of the embargo, push the changes to the repository and update http://pidgin.im/news/security/ |
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!
