Hi!
As another step towards reaching "100% CII best practices", I've just pushed a
suggested "security process" for the c-ares project to the git repo. You can
view it easily here: https://github.com/c-ares/c-ares/blob/master/SECURITY.md
The document is a blatant rip-off from the one we use in the curl project with
a little search/replace applied. (I wrote the original so it's fine.) We have
used it for years and dealt with plenty of problems there following those
steps.
I don't think there is anything special or surprising in there, and the
biggest news to the world is probably that we have an official email address
to contact in the case you find and want to report a security vulnerability.
As always, pull-requests are appreciated but you can of course also comment
here and suggest fixes/changes or whatever.
Fire away!
--
/ daniel.haxx.se
