On Sunday, 10 June 2018 at 00:59:11 UTC, Cym13 wrote:
On Sunday, 10 June 2018 at 00:31:55 UTC, Vladimir Panteleev wrote:
[...]

This is the thing exactly. First of all, the idea that the main developer of the part of the project impacted should be the one receiving the report is sound but far from obvious. In many countries there is a (stupid) legal risk associated with vulnerability disclosure, so as a researcher you'd rather be sure that you're talking to the right person.

[...]

Another step toward setting up such a security point of contact:

https://github.com/dlang/dlang.org/pull/2398

Input is welcome.
