← Policies/Security Policy You do not have permission to edit this page, for the following reasons: The action you have requested is limited to users in one of the groups: Users, Administrators, trusted, KDEDevelopers. This page has been protected to prevent editing or other actions. You can view and copy the source of this page. This policy describes how security related issues are handled after they have been reported to [mailto:firstname.lastname@example.org email@example.com]. Issues that are brought to the attention of firstname.lastname@example.org are handled discretely. The issue will be verified and the author/maintainer of the affected code will usually be contacted. If the issue is indeed considered to be a problem the need for an immediate fix is assessed. The security team will notify also affected parties which are known to reuse the affected code. If an immediate fix is not considered necessary a security alert is issued via http://dot.kde.org, bugtraq and [mailto:email@example.com firstname.lastname@example.org]. If a fix is considered necessary, KDE release coordinators are contacted and KDE vendor packagers, Linux distributors and other prenotification mailing lists are informed once a fix is available that has passed review on [mailto:email@example.com firstname.lastname@example.org]. We then give them a reasonable amount of time to prepare binary packages. After that time we issue a security alert via dot.kde.org, bugtraq and [mailto:email@example.com firstname.lastname@example.org]. Patches in source form and any available updated binaries are published at the same time. All security alerts are published on http://www.kde.org/info/security/. KDE developers that want to join [mailto:email@example.com firstname.lastname@example.org] can send a motivated request to [mailto:email@example.com firstname.lastname@example.org]. Applications will be evaluated on a case by case basis by the current members. The main criteria is the extent to which someone can be helpful in excuting the security policy as described here. That includes a willingness not to disclose issues prematurely. [[Category:Policies]] Template used on this page: Template:Moved To Community (view source) Return to Policies/Security Policy. Retrieved from "https://techbase.kde.org/Policies/Security_Policy"