BTW, an important feature of these mailing lists is that anyone can post… but only the “vendor security” group can read the posts.
Thus, it is easy for an outsider with a real security issue to provide detailed information to vendor-sec@myopensourceproject.org, while preventing unscrupulous people from reading the sensitive information.
I suppose a PM to <somebody>, plus discussion on a closed forum, is the best this forum software can handle.
Actually, it works well to just PM me. I’m the one who’s going to be fixing it. If you find a security flaw, I would definitely like to hear from you privately to fix it before it goes public.
https://bitcointalk.org/index.php?topic=628.msg6508#msg6508