Explain how security issues should be reported, based on a patch by Ivann, featuring Reimar's suggestions

+ email scrambling using this form: http://www.golivecentral.com/pages/txttut/scramble.shtml (I hope it will be enough not to get too much spam though this link)


git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@18062 b3059339-0415-0410-9bf9-f77b7e298cf2
This commit is contained in:
gpoirier 2006-04-09 12:45:49 +00:00
parent ad2fdb9e97
commit 66cfb51195
1 changed files with 14 additions and 0 deletions

View File

@ -11,6 +11,20 @@ receive obscene amounts of email. So while your feedback is crucial in improving
that you have to provide <emphasis role="bold">all</emphasis> of the information
we request and follow the instructions in this document closely.
</para>
<sect1 id="bugreports_security">
<title>Report security releated bugs</title>
<para>
In case you have found an exploitable bug and you would like to do the
right thing and let us fix it before you disclose it, we would be happy
to get your security advisory at
<ulink url="mailto:&#115;&#101;&#99;&#117;&#114;&#105;&#116;&#121;&#64;&#109;&#112;&#108;&#97;&#121;&#101;&#114;&#104;&#113;&#46;&#104;&#117;">&#115;&#101;&#99;&#117;&#114;&#105;&#116;&#121;&#64;&#109;&#112;&#108;&#97;&#121;&#101;&#114;&#104;&#113;&#46;&#104;&#117;</ulink>.
Please add [SECURITY] or [ADVISORY] in the subject.
Be sure that your report contains complete and detailed analysis of the bug.
Sending a fix is highly appreciated.
Please don't delay your report to write proof-of-concept exploit, you can
send that one with another mail.
</para>
</sect1>
<sect1 id="bugreports_fix">
<title>How to fix bugs</title>
<para>