[keycloak-dev] Setup 'keycloak-security' mailing list

Bruno Oliveira bruno at abstractj.org
Thu Aug 17 09:56:20 EDT 2017


Go for it! +1 I'd add a very visible section at the website and README
files, about reporting vulnerabilities. Today we have this
http://www.keycloak.org/community.html. But it's not that obvious.

I'd suggest something like https://www.emberjs.com/security/

On Thu, Aug 17, 2017 at 7:22 AM Stian Thorgersen <sthorger at redhat.com>
wrote:

> We need to have a dedicated place to report and discuss security
> vulnerabilities. This should be a list anyone can send to, but only
> specific people can subscribe to.
>
> I'd like to create a new mailing list 'keycloak-security' for this purpose
> and have everyone on the team subscribed.
>
> Thoughts? Suggestions to alternative approaches?
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list