[web] master update

Mark J . Cox Tue, 16 Mar 2021 03:59:42 -0700

The branch master has been updated
       via  15064d72540a2d5405d749acd74caeb8683ae886 (commit)
       via  866c7caa7a09f7f56be99d7cb750be9c901503e0 (commit)
       via  f37be0806125a21d7107327a97cc0d7cdc9275e8 (commit)
       via  f4faa3d32216b9a47c6103400659e8f274c36052 (commit)
      from  abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit)



- Log -----------------------------------------------------------------
commit 15064d72540a2d5405d749acd74caeb8683ae886
Merge: abbb2d4 866c7ca
Author: Mark J. Cox <m...@openssl.org>
Date:   Tue Mar 16 10:48:55 2021 +0000

    Merge pull request #222 from iamamoose/securitypolicychange
    
    Update security policy to note we prenotify projects like LibreSSL and 
BoringSSL

commit 866c7caa7a09f7f56be99d7cb750be9c901503e0
Author: Mark J. Cox <m...@awe.com>
Date:   Tue Mar 16 10:47:33 2021 +0000

    Vote passed, update the change date

commit f37be0806125a21d7107327a97cc0d7cdc9275e8
Author: Mark J. Cox <m...@awe.com>
Date:   Thu Mar 4 11:07:25 2021 +0000

    "based on" could be misinterpreted as projects that simply use OpenSSL but
    the intent of this change is for projects that are derived from OpenSSL

commit f4faa3d32216b9a47c6103400659e8f274c36052
Author: Mark J. Cox <m...@awe.com>
Date:   Tue Mar 2 11:18:48 2021 +0000

    For many years we have notified LibreSSL and BoringSSL, but we should be 
clear that we do so in the policy

-----------------------------------------------------------------------

Summary of changes:
 policies/secpolicy.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 54fb592..ff4eb5f 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -12,7 +12,7 @@
          <header>
            <h2>Security Policy</h2>
            <h5>
-             Last modified 12th May 2020
+             Last modified 16th March 2021
            </h5>
        </header>
          <div class="entry-content">
@@ -126,6 +126,8 @@
            that uses OpenSSL as included on
            <a
            
href="http://oss-security.openwall.org/wiki/mailing-lists/distros";>this list of 
Operating System distribution security contacts</a>.</li>
+            <li>We also include other open source projects that are derived 
from OpenSSL which
+            have a significant user base and a reciprocal arrangement. </li>
            <li>We may also include other organisations that are not listed but
            would otherwise qualify for list membership.  </li>
             <li>We may also include organisations with which we have a

[web] master update

Reply via email to