Forum: Ruby A guide to reporting security vulnerabilities in gems?

Joel Chippindale (Guest)
on 2014-07-01 09:47
(Received via mailing list)
A little while ago, after a discussion on the London Ruby User Group
mailing list [1], I tried and failed to find a concise guide to reporting
security vulnerabilities in gems.

Recently, in an effort to plug this gap, I issued a pull request to the
Rubygems Guides [2] to address this.

Firstly, given that I feel that I have no special knowledge in this area
and have never reported a security vulnerability in a gem, I would really
appreciate your feedback on the proposed guide in the pull request.

Secondly, in the guide I have suggested mailing this list with details of
the vulnerability. Do you think this is appropriate and, if not, where do
you think would be a more appropriate place to post details of a
vulnerability?

J.

[1] http://lists.lrug.org/pipermail/chat-lrug.org/2013...
    and http://lists.lrug.org/pipermail/chat-lrug.org/2013...
[2] https://github.com/rubygems/guides/pull/89