A little while ago after a discussion on the London Ruby U. Group
mailing
list [1] I tried and failed to find a concise guide to reporting
security
vulnerabilities in gems.
Recently, in an effort to plug this gap, I issued a pull request to the
Rubygems Guides [2] to address this.
Firstly, given that I feel that I know special knowledge in this area
and
have never reported a security vulnerability in a gem, I would really
appreciate your feedback on the proposed guide in the pull request.
Secondly in the guide I have suggested mailing this list with details of
the vulnerability. Do you think this is appropriate and if not where do
you
think would be a more appropriate place to post details of a
vulnerability?
J.
[1]
http://lists.lrug.org/pipermail/chat-lrug.org/2013-September/019578.html
and
http://lists.lrug.org/pipermail/chat-lrug.org/2013-December/009719.html
[2] Add a section on reporting security vulnerabilities by mocoso · Pull Request #89 · rubygems/guides · GitHub