Provide Security information

Question

Provide Security information

Closed this issue 4 years ago · 4 comments

We have https://www.mumble.info/security for a list of published security vulnerability information which we link to from nowhere atm afaik,
and I added /.well-known/security.txt which has contact information.

Both should be reachable from the homepage/wiki.

See also #18; we could add our GPG sign keys for builds/releases on the topic of security, maybe add some information about security measures in use by Mumble itself.

Answer 1 · 2019-03-27T03:40:44.000Z

Should we split /security into two different sections? One for reporting security issues along with the current implementation at /security, this could stay at /security, and another for the security measures taken within Mumble itself which would be aimed at end users.

Thoughts?

Answer 2 · 2019-08-30T21:39:31.000Z

Not a blocker. Moving it out of the Release milestone.

Answer 3 · 2020-05-31T14:42:04.000Z

Both should be reachable from the homepage/wiki.

We have a Security link at the bottom to the advisories. This has been implemented for quite a while, and definitely since public release.

We are still missing contact information on that page.

Answer 4 · 2020-05-31T15:22:00.000Z

Implemented in 86fbd06