diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/bugs.mdwn | 4 | ||||
-rw-r--r-- | doc/security.mdwn | 9 |
2 files changed, 11 insertions, 2 deletions
diff --git a/doc/bugs.mdwn b/doc/bugs.mdwn index f16a4f8e1..86df60408 100644 --- a/doc/bugs.mdwn +++ b/doc/bugs.mdwn @@ -3,6 +3,10 @@ elsewhere. Link items to [[bugs/done]] when done. Also see the [Debian bugs](http://bugs.debian.org/ikiwiki). +If you are reporting a security vulnerability, please email the maintainers +privately, instead of making it public by listing it here. See [[security]] +for contact details. + There are [[!pagecount pages="bugs/* and !bugs/done and !bugs/discussion and !link(patch) and !link(bugs/done) and !bugs/*/*" feedpages="created_after(bugs/no_commit_mails_for_new_pages)"]] "open" bugs: diff --git a/doc/security.mdwn b/doc/security.mdwn index 6d68fac00..e4851ecf5 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -1,11 +1,16 @@ -Let's do an ikiwiki security analysis. - If you are using ikiwiki to render pages that only you can edit, do not generate any wrappers, and do not use the cgi, then there are no more security issues with this program than with cat(1). If, however, you let others edit pages in your wiki, then some possible security issues do need to be kept in mind. +If you find a new security vulnerability, please email the maintainers +privately instead of listing it in a public bug tracker, so that we can +arrange for coordinated disclosure when a fix is available. The maintainers +are [[Joey Hess|joey]] (<joey@kitenet.net>), +[[Simon McVittie|smcv]] (<smcv@debian.org>) +and [[Amitai Schleier|schmonz]] (`schmonz-web-ikiwiki schmonz com`). + [[!toc levels=2]] ---- |