[Nut-upsdev] NUT Project Security Policy
Jim Klimov
jimklimov+nut at gmail.com
Fri Jun 5 11:18:26 BST 2026
Hello all,
We have recently had more eyes (and AIs) looking at our project,
uncovering a few regrettable mistakes that might or might not have security
implications. They were disclosed in as reasonable a manner as possible at
that time, given that we did not have any policy published about that, nor
tools/channels to do so.
A wording for the reporting policy as well as an explanation of the
interaction between upstream NUT (trunk sources) and releases (snapshots)
and packages (someone else's work) has now been proposed at
https://github.com/networkupstools/nut/pull/3470 and would be merged
shortly (after CI is satisfied with spell-checks, tarballs, etc.), but
contributions for future revisions are welcome.
As part of this experience, the GitHub-provided channel for such
responsible reporting was unlocked under
https://github.com/networkupstools/nut/security - these reports would only
be visible to the reporter(s) and NUT core team, until fixed and published
as a security advisory.
Hope this helps,
Jim Klimov