Add a section on reporting security vulnerabilities #89

mocoso commented Jun 29, 2014

…to the security page.

The information about requesting a CVE is taken from
https://cve.mitre.org/cve/request_id.html

It seems much less clear how to tell the world about your
issue and with no well recognised route, as far as I can tell.
In the absence of any well trodden route I have suggested the
ruby-talk mailing list since some people already use this to
announce new versions of gems.

Further discussion can be found in issue #62

mocoso added 2 commits June 29, 2014 08:33
…to the security page.

The information about requesting a CVE is taken from
https://cve.mitre.org/cve/request_id.html

It seems much less clear how to tell the world about your
issue and with no well recognised route, as far as I can tell.
In the absence of any well trodden route I have suggested the
ruby-talk mailing list since people already use this to
announce new versions of gems.

Further discussion can be found in issue rubygems#62
first step should be to check whether this is a known vulnerability.

If this looks like a newly discovered vulnerability then you should
content the author(s) privately (i.e. not via a pull request or issue on public
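
Review bot: the sentence about contacting the author(s) privately names the channels to avoid (a pull request or a public issue) but, in the lines shown here, not a private channel to use instead. Suggest naming one, such as the email address listed in the gem's metadata, and saying what the reporter should do if the author does not reply.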

Typo: content -> contact.

Thanks. Fixed in 4737de2

bf4 commented Jul 14, 2014

Looks good to me, any thoughts from rubysec? rubysec/rubysec.github.io#7

drbrain added a commit that referenced this pull request Jul 14, 2014
…lnerabilities

Add a section on reporting security vulnerabilities
drbrain merged commit bfd676c into rubygems:gh-pages Jul 14, 2014