Where is the best place to report a security vulnerability in git?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Where is the best place to report a security vulnerability in git?

Hugh Davenport

--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reply | Threaded
Open this post in threaded view
|

Re: Where is the best place to report a security vulnerability in git?

Jonathan Nieder-2
Hi Hugh,

Hugh Davenport wrote:

> Where is the best place to report a security vulnerability in git?

Current practice is to contact Junio C Hamano <[hidden email]>.
Cc-ing Jeff King <[hidden email]> isn't a bad idea while at it.

We should probably set up a mailing list to make this more obvious,
but that's what we have today.

Thanks,
Jonathan
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reply | Threaded
Open this post in threaded view
|

Re: Where is the best place to report a security vulnerability in git?

Hugh Davenport
Thanks. Will send a report their way soon

On 27 November 2014 2:20:53 pm NZDT, Jonathan Nieder <[hidden email]> wrote:

>Hi Hugh,
>
>Hugh Davenport wrote:
>
>> Where is the best place to report a security vulnerability in git?
>
>Current practice is to contact Junio C Hamano <[hidden email]>.
>Cc-ing Jeff King <[hidden email]> isn't a bad idea while at it.
>
>We should probably set up a mailing list to make this more obvious,
>but that's what we have today.
>
>Thanks,
>Jonathan

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Reply | Threaded
Open this post in threaded view
|

Re: Where is the best place to report a security vulnerability in git?

Sitaram Chamarty
In reply to this post by Jonathan Nieder-2
On 11/27/2014 06:50 AM, Jonathan Nieder wrote:

> Hi Hugh,
>
> Hugh Davenport wrote:
>
>> Where is the best place to report a security vulnerability in git?
>
> Current practice is to contact Junio C Hamano <[hidden email]>.
> Cc-ing Jeff King <[hidden email]> isn't a bad idea while at it.
>
> We should probably set up a mailing list to make this more obvious,
> but that's what we have today.

Hi Hugh,

I maintain a somewhat widely used access control program for remote
access to git, so I'm interested also.

Gitolite [1] and similar systems provide access control for git repos.
There's a very good chance that something which is not a concern for
"local" use, could become an attack vector if enabled through gitolite.

Hence my interest, and my request that I be copied.

Jonathan/Junio/Jeff: if such a mailing list does happen please consider
adding me into it.

regards
sitaram

[1]: https://gitolite.com
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html