• Home
• Download
• Packages
• Help
• F.A.Q.
• Documentation
• Contents
• Responsibility
• Responses
• Source
• Updates
• Notification
• Mailing Lists
• Print Version

General Fink security policy for accepted packages.

This document explains security incident handling for packages that have been accepted by Fink. While the main responsibility for every accepted package in Fink remains with the respective maintainer, Fink recognizes the necessity to offer a uniform policy on how to react to security incidents found in software which are offered as Fink packages. Every package maintainer is required to comply with it.

Contents

• 1 Responsibility
  • 1.1 Who is responsible?
  • 1.2 Whom shall I contact?
  • 1.3 Pre-notifications
  • 1.4 Response
• 2 Response times and immediate actions.
  • 2.1 Response times
  • 2.2 Forced updates
• 3 Incident Sources
  • 3.1 Acceptable Incident Sources.
• 4 Security update procedure.
  • 4.1 Adding security related updates.
  • 4.2 Unstable to stable moves.
• 5 Sending notifications
  • 5.1 Who may send them?
  • 5.2 How to submit

Copyright © 2001-2020
The Fink Project

Available Languages: | English | Français | Deutsch | 日本語 (Nihongo) | Português | 中文 (简) (Simplified Chinese) |
Last changed by monipol on 31 March 2009, 01:41 GMT