The branch master has been updated via 15064d72540a2d5405d749acd74caeb8683ae886 (commit) via 866c7caa7a09f7f56be99d7cb750be9c901503e0 (commit) via f37be0806125a21d7107327a97cc0d7cdc9275e8 (commit) via f4faa3d32216b9a47c6103400659e8f274c36052 (commit) from abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit)
- Log ----------------------------------------------------------------- commit 15064d72540a2d5405d749acd74caeb8683ae886 Merge: abbb2d4 866c7ca Author: Mark J. Cox <m...@openssl.org> Date: Tue Mar 16 10:48:55 2021 +0000 Merge pull request #222 from iamamoose/securitypolicychange Update security policy to note we prenotify projects like LibreSSL and BoringSSL commit 866c7caa7a09f7f56be99d7cb750be9c901503e0 Author: Mark J. Cox <m...@awe.com> Date: Tue Mar 16 10:47:33 2021 +0000 Vote passed, update the change date commit f37be0806125a21d7107327a97cc0d7cdc9275e8 Author: Mark J. Cox <m...@awe.com> Date: Thu Mar 4 11:07:25 2021 +0000 "based on" could be misinterpreted as projects that simply use OpenSSL but the intent of this change is for projects that are derived from OpenSSL commit f4faa3d32216b9a47c6103400659e8f274c36052 Author: Mark J. Cox <m...@awe.com> Date: Tue Mar 2 11:18:48 2021 +0000 For many years we have notified LibreSSL and BoringSSL, but we should be clear that we do so in the policy ----------------------------------------------------------------------- Summary of changes: policies/secpolicy.html | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/policies/secpolicy.html b/policies/secpolicy.html index 54fb592..ff4eb5f 100644 --- a/policies/secpolicy.html +++ b/policies/secpolicy.html @@ -12,7 +12,7 @@ <header> <h2>Security Policy</h2> <h5> - Last modified 12th May 2020 + Last modified 16th March 2021 </h5> </header> <div class="entry-content"> @@ -126,6 +126,8 @@ that uses OpenSSL as included on <a href="http://oss-security.openwall.org/wiki/mailing-lists/distros">this list of Operating System distribution security contacts</a>.</li> + <li>We also include other open source projects that are derived from OpenSSL which + have a significant user base and a reciprocal arrangement. </li> <li>We may also include other organisations that are not listed but would otherwise qualify for list membership. </li> <li>We may also include organisations with which we have a