[gnutls-devel] handling security issues

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Tue Feb 21 13:38:45 CET 2017

 I've tried to make the current ad-hoc handling of security issues
with something more formally defined at:

My goal is to establish some more objective criteria than my opinion
on when an issue will be handled as a security issue and an advisory
will be issued. In the text above I've used the CVSS scoring which
seems to be generic and objective enough. Any comments or suggestions
on the above text?


More information about the Gnutls-devel mailing list