* Where is the best place to report a security vulnerability in git?
@ 2014-11-27 0:49 Hugh Davenport
2014-11-27 1:20 ` Jonathan Nieder
0 siblings, 1 reply; 4+ messages in thread
From: Hugh Davenport @ 2014-11-27 0:49 UTC (permalink / raw)
To: git
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Where is the best place to report a security vulnerability in git?
2014-11-27 0:49 Where is the best place to report a security vulnerability in git? Hugh Davenport
@ 2014-11-27 1:20 ` Jonathan Nieder
2014-11-27 2:04 ` Hugh Davenport
2014-11-27 3:32 ` Sitaram Chamarty
0 siblings, 2 replies; 4+ messages in thread
From: Jonathan Nieder @ 2014-11-27 1:20 UTC (permalink / raw)
To: Hugh Davenport; +Cc: git
Hi Hugh,
Hugh Davenport wrote:
> Where is the best place to report a security vulnerability in git?
Current practice is to contact Junio C Hamano <gitster@pobox.com>.
Cc-ing Jeff King <peff@peff.net> isn't a bad idea while at it.
We should probably set up a mailing list to make this more obvious,
but that's what we have today.
Thanks,
Jonathan
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Where is the best place to report a security vulnerability in git?
2014-11-27 1:20 ` Jonathan Nieder
@ 2014-11-27 2:04 ` Hugh Davenport
2014-11-27 3:32 ` Sitaram Chamarty
1 sibling, 0 replies; 4+ messages in thread
From: Hugh Davenport @ 2014-11-27 2:04 UTC (permalink / raw)
To: Jonathan Nieder; +Cc: git
Thanks. Will send a report their way soon
On 27 November 2014 2:20:53 pm NZDT, Jonathan Nieder <jrnieder@gmail.com> wrote:
>Hi Hugh,
>
>Hugh Davenport wrote:
>
>> Where is the best place to report a security vulnerability in git?
>
>Current practice is to contact Junio C Hamano <gitster@pobox.com>.
>Cc-ing Jeff King <peff@peff.net> isn't a bad idea while at it.
>
>We should probably set up a mailing list to make this more obvious,
>but that's what we have today.
>
>Thanks,
>Jonathan
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Where is the best place to report a security vulnerability in git?
2014-11-27 1:20 ` Jonathan Nieder
2014-11-27 2:04 ` Hugh Davenport
@ 2014-11-27 3:32 ` Sitaram Chamarty
1 sibling, 0 replies; 4+ messages in thread
From: Sitaram Chamarty @ 2014-11-27 3:32 UTC (permalink / raw)
To: Jonathan Nieder, Hugh Davenport; +Cc: git
On 11/27/2014 06:50 AM, Jonathan Nieder wrote:
> Hi Hugh,
>
> Hugh Davenport wrote:
>
>> Where is the best place to report a security vulnerability in git?
>
> Current practice is to contact Junio C Hamano <gitster@pobox.com>.
> Cc-ing Jeff King <peff@peff.net> isn't a bad idea while at it.
>
> We should probably set up a mailing list to make this more obvious,
> but that's what we have today.
Hi Hugh,
I maintain a somewhat widely used access control program for remote
access to git, so I'm interested also.
Gitolite [1] and similar systems provide access control for git repos.
There's a very good chance that something which is not a concern for
"local" use, could become an attack vector if enabled through gitolite.
Hence my interest, and my request that I be copied.
Jonathan/Junio/Jeff: if such a mailing list does happen please consider
adding me into it.
regards
sitaram
[1]: https://gitolite.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-11-27 3:32 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-27 0:49 Where is the best place to report a security vulnerability in git? Hugh Davenport
2014-11-27 1:20 ` Jonathan Nieder
2014-11-27 2:04 ` Hugh Davenport
2014-11-27 3:32 ` Sitaram Chamarty
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).