dev:security

Differences

This shows you the differences between two versions of the page.

dev:security [2015/03/30 17:59] – [Security team] clarify application process dbw2
dev:security [2023/06/01 13:22] (current) – [How are security fixes released?] master to main dyrcona
Line 4: Line 4:
  
 You can report a security-related issue in Evergreen via the bug tracking system at https://bugs.launchpad.net/evergreen -- be sure to check the box labeled "This bug is a security vulnerability". You can report a security-related issue in Evergreen via the bug tracking system at https://bugs.launchpad.net/evergreen -- be sure to check the box labeled "This bug is a security vulnerability".
 +
 +While we prefer that security bugs be reported via Launchpad, they can also be reported to [[mailto:security@evergreen-ils.org|security@evergreen-ils.org]].
  
 NOTE: If you are an active Evergreen "bug wrangler" or similar, you may instead have an option to change "This bug contains information that is:" from "Public" to "Private Security". NOTE: If you are an active Evergreen "bug wrangler" or similar, you may instead have an option to change "This bug contains information that is:" from "Public" to "Private Security".
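Review bot: The added sentence offering security@evergreen-ils.org as a second reporting channel does not say who receives mail at that address, or whether a report sent there is handled as privately as a Launchpad bug filed with "This bug is a security vulnerability" checked. Suggest adding a clause that states who reads the mailbox and that the reporter should keep details out of public channels, so both reporting paths carry the same expectations.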
Line 28: Line 30:
 ====How are security fixes released?==== ====How are security fixes released?====
  
-After testing, the code will be merged to the relevant public Evergreen branches (origin/master, origin/rel_2_3, …) and the Launchpad entries will be marked as Fix Committed.  From here, the process proceeds the same as a regular non-security release, though every effort will be made to cut the releases in a timely fashion.+After testing, the code will be merged to the relevant public Evergreen branches (origin/main, origin/rel_2_3, …) and the Launchpad entries will be marked as Fix Committed.  From here, the process proceeds the same as a regular non-security release, though every effort will be made to cut the releases in a timely fashion.
 ====How are security releases announced?==== ====How are security releases announced?====
  
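Review bot: In the changed sentence the branch list now reads "(origin/main, origin/rel_2_3, …)": origin/master was renamed, but the example release branch origin/rel_2_3 is carried over unchanged from the 2015 revision. Suggest replacing it with a generic placeholder such as origin/rel_X_Y, so the example does not tie the policy text to one particular release series and needs no further edits as branches change.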
Line 54: Line 56:
 Membership applications may be made by contacting one of the current Membership applications may be made by contacting one of the current
 security team members; a list of the current members' names will be security team members; a list of the current members' names will be
-maintained on the Evergreen wiki.  Application for membership should include indication that you have read and agree to the conditions stated above.+maintained on the Evergreen wiki.  [(**Proposed addition, pending approval**) Application for membership should include indication that you have read and agree to the conditions stated above.]
  
 Violations of the promises in (2) and (3) may result in immediate Violations of the promises in (2) and (3) may result in immediate
Line 80: Line 82:
   * Thomas Berezansky   * Thomas Berezansky
   * Galen Charlton   * Galen Charlton
 +  * Jeff Davis
   * Bill Erickson   * Bill Erickson
   * Jeff Godin   * Jeff Godin
 +  * Rogan Hamby
   * Kathy Lussier   * Kathy Lussier
   * Mike Rylander   * Mike Rylander
Line 88: Line 92:
   * Ben Shum   * Ben Shum
   * Jason Stephenson   * Jason Stephenson
 +  * Yamil Suarez
   * Dan Wells   * Dan Wells
 +  * Liam Whalen
dev/security.1427752756.txt.gz · Last modified: 2022/02/10 13:34 (external edit)

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International

© 2008-2022 GPLS and others. Evergreen is open source software, freely licensed under GNU GPLv2 or later.
The Evergreen Project is a U.S. 501(c)3 non-profit organization.