Difference between revisions of "Policies/Security Policy"

m (fix typo)
(This page was moved to the Community wiki)
 
Line 1: Line 1:
This policy describes how security related issues are handled after they have been reported to [mailto:security@kde.org security@kde.org].
+
{{Moved To Community}}
 
+
Issues that are brought to the attention of security@kde.org are handled discretely. The issue will be verified and the author/maintainer of the affected code will usually be contacted. If the issue is indeed considered to be a problem the need for an immediate fix is assessed. The security team will notify also affected parties which are known to reuse the affected code.
+
+
If an immediate fix is not considered necessary a security alert is issued via http://dot.kde.org, bugtraq and [mailto:kde-announce@kde.org kde-announce@kde.org].
+
+
If a fix is considered necessary, KDE release coordinators are contacted and KDE vendor packagers, Linux distributors and other prenotification mailing lists are informed once a fix is available that has passed review on [mailto:security@kde.org security@kde.org]. We then give them a reasonable amount of time to prepare binary packages. After that time we issue a security alert via dot.kde.org, bugtraq and [mailto:kde-announce@kde.org kde-announce@kde.org]. Patches in source form and any available updated binaries are published at the same time.
+
+
All security alerts are published on http://www.kde.org/info/security/.
+
 
+
KDE developers that want to join [mailto:security@kde.org security@kde.org] can send a motivated request to [mailto:security@kde.org security@kde.org]. Applications will be evaluated on a case by case basis by the current members. The main criteria is the extent to which someone can be helpful in executing the security policy as described here. That includes a willingness not to disclose issues prematurely.
+
 
+
[[Category:Policies]]
+
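Review bot: With the whole policy text replaced by {{Moved To Community}}, the reporting address security@kde.org no longer appears anywhere on this page, and the rendered result reads only "This page is now on the community wiki." Consider keeping a one-line pointer to security@kde.org next to the template, so that someone who lands on the old URL with an issue to report still sees where to send it. The edit summary "(This page was moved to the Community wiki)" would also be more useful if it named the destination page.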

Latest revision as of 18:23, 10 March 2016

This page is now on the community wiki.


This page was last modified on 10 March 2016, at 18:23. Content is available under Creative Commons License SA 4.0 unless otherwise noted.