Provide Security information
Closed this issue · 4 comments
We have https://www.mumble.info/security for a list of published security vulnerability information which we link to from nowhere atm afaik,
and I added /.well-known/security.txt which has contact information.
Both should be reachable from the homepage/wiki.
See also #18; we could add our GPG sign keys for builds/releases on the topic of security, maybe add some information about security measures in use by Mumble itself.
Should we split /security into two different sections? One for reporting security issues along with the current implementation at /security, this could stay at /security, and another for the security measures taken within Mumble itself which would be aimed at end users.
Thoughts?
Not a blocker. Moving it out of the Release milestone.
Both should be reachable from the homepage/wiki.
We have a Security link at the bottom to the advisories. This has been implemented for quite a while, and definitely since public release.
We are still missing contact information on that page.