security advisory

Antonio P.P. Almeida appa at perusio.net
Thu Mar 15 13:04:07 UTC 2012


Replying to myself here.

Maxim, Igor, Andrei, Valentin, Ruslan, &c,

I think that there's room for improvement on the security advisory front.

 1. Make it official: nginx-sa-01-2012 with an official numbering scheme.

 2. Get a CVE identifier.

 3. Publish it also on security lists like full-disclosure and bugtraq,
    for example.

I know that Nginx has been a labour of love of a few people until recently.
But now that you're an established company I think that having in place a
more formal procedure for security advisories would bring great benefits
to Nginx as a free software project with its community and as a company
also.

Just my unsolicited $.02

Yours sincerely,

António


