Koha Test Wiki MW Canasta on Koha Portainer

Test major Koha Wiki changes or bug fixes here without fear of breaking the production wiki.

For the current Koha Wiki, visit https://wiki.koha-community.org .

Security Mailing List Proposal


- Background

  • An individual has started combing the Koha code for SQL injections and reporting them to us
  • The reporter had asked how to report them; for lack of a better alternative, they were told to email current and past RMs, RMaints, and QAMs

- Proposal: We publish a way to report security bugs

  • preference is to simply use Bugzilla
  • issues judged by the reporter to be more sensitive are to be sent to a mailing list instead

- Mailing list

  • form a new mailing list to be called koha-security
  • initial membership to be RMs, RMaints, QAMs, past, present, and future
  • other interested devs can join on request
  • focus is on timely response to security issues, not on taking over the scope of koha-devel
  • publicly archived, but with a delay of six months to allow fixes to be made before exploits are published
  • preference is to have discussion on koha-devel; security list meant for fast response and discussion of sensitive issues that would threaten library catalogs if an exploit got published prematurely
  • concurrent with starting koha-security, closing the old koha-manage list

- Security advisories

  • Get registered for CVEs?

- Start a position of Security Manager?