| Line 8: | Line 8: | ||
The [[Security/Architecture|MeeGo Security Architecture]] is documented here in the wiki. | The [[Security/Architecture|MeeGo Security Architecture]] is documented here in the wiki. | ||
| + | |||
| + | = MeeGo Security Bug Policy = | ||
| + | |||
| + | * All MeeGo security defects are private to the Security_Group by default in addition to the submitter and the cc list. | ||
| + | ** This is standard practice for Linux distributions and other operating systems | ||
| + | ** The reason for this is that information in security bugs can be used as a road map to exploit MeeGo systems. | ||
| + | * To request addition to the Security_Group, please send mail to security@meego.com explaining your need. | ||
| + | ** People who want addition to this group will need to ''demonstrate'' that they need generic access to security bugs, not just access to specific security bugs. | ||
| + | *** People who need access to specific security bugs can request access they be added to the cc list. | ||
| + | * The list of members in the Security_Group will be audited by the MeeGo Security Lead every quarter. | ||
| + | * Once a security defect is resolved (by making a patch available or marking the bug as closed), it will also be made public by removing the Security_Group restrictions. | ||
This page is a placeholder for the MeeGo Security related info
Contents |
Other portions of MeeGo Security shall be here soon.
The MeeGo Security Architecture is documented here in the wiki.