On Friday, 4 January 2019 2:02:20 AM AEDT Florian Zumbiehl via Exim-dev wrote:
> Hi,
>
> > For the record, if you have a sensitive security issue, please mail
> >
> > security@???
>
> well, that's good to know, I guess, but may I suggest you put that on the
> website somewhere?
It probably would be useful to include it on the website, but if you attempt
to submit a bug it does have a disclaimer at the top: "If you have a sensitive
security issue, please mail security@???" although it doesn't have
instructions on how to encrypt with the maintainer's public keys.
> Just put a text file in
> https://www.exim.org/static/doc/security/ or something, that's linked as
> "security" from the start page, so that should be easy enough to discover.
>
> Even knowing the address, the only thing I can find on the web containing
> that address are some files in /.github/ in the repo, hosted on github, so
> that's kinda impossible to find.
>
> Adding a file in the root of the repo might also be a good idea ...
>
> Regards, Florian
