develooper Front page | perl.perl5.porters | Postings from April 2016

docs about security bug reporting

From: Dave Mitchell
Date: April 6, 2016 13:34
Subject: docs about security bug reporting
Message ID: 20160406133405.GT4160@iabyn.com
Several places such as INSTALL and perldelta have text which are variants
of:

    If the bug you are reporting has security implications, which make it
    inappropriate to send to a publicly archived mailing list, then please
    send it to perl5-security-report@perl.org. This points to a closed
    subscription unarchived mailing list, which includes all the core
    committers, who be able to help assess the impact of issues, figure out
    a resolution, and help co-ordinate the release of patches to mitigate or
    fix the problem across all platforms on which Perl is supported. Please
    only use this address for security issues in the Perl core, not for
    modules independently distributed on CPAN.

This is a bit out of date, as that address now generates a new ticket on
the perl5-security RT queue, and is archived, although is initially
private by default.

I suggest replacing this text with something like:

    If the bug you are reporting has security implications which make it
    inappropriate to send to a publicly archived mailing list, then please
    send it instead to perl5-security-report@perl.org. This creates a new
    Request Tracker ticket in a special queue which isn't initially publicly
    accessible. The email will also be copied to a closed subscription
    unarchived mailing list which includes all the core committers, who will
    be able to help assess the impact of issues, figure out a resolution, and
    help co-ordinate the release of patches to mitigate or fix the problem
    across all platforms on which Perl is supported. Please only use this
    address for security issues in the Perl core, not for modules
    independently distributed on CPAN.

    When sending an initial request to the security email address, please
    don't CC any other parties, because if they reply to all, the reply
    will generate yet another new ticket.



-- 
Lear: Dost thou call me fool, boy?
Fool: All thy other titles thou hast given away; that thou wast born with.
