#sandstorm on 2021-08-12 — irc logs at libera.irclog.whitequark.org

2021-05-26 15:17 ChanServ changed the topic of #sandstorm to: Welcome to #sandstorm: home of all things Sandstorm and Cap'n Proto. Say hi! | Have a question but no one is here? Try asking in the discussion group: https://groups.google.com/group/sandstorm-dev | Channel logs available at https://libera.irclog.whitequark.org/sandstorm

00:26 rektide has joined #sandstorm

03:50 TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]

03:50 TMM_ has joined #sandstorm

10:15 xet7 has joined #sandstorm

10:48 xet7 has quit [Remote host closed the connection]

13:10 TMM_ has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]

13:10 TMM_ has joined #sandstorm

17:01 xet7 has joined #sandstorm

17:21 xet7 has quit [Ping timeout: 245 seconds]

18:00 xet7 has joined #sandstorm

19:52 Durandal has joined #sandstorm

19:52 Durandal has quit [Client Quit]

19:54 Durandal has joined #sandstorm

19:56 Durandal has quit [Client Quit]

20:25 Durandal has joined #sandstorm

20:26 <Durandal> Hello,

20:26 <Durandal> where can i report a security issue with sandstorm please?

20:26 <ocdtrekkie> Hi!

20:27 <kentonv> security@sandstorm.io

20:27 <Durandal> Ok thx!

20:28 Durandal has quit [Client Quit]

20:28 Durandal has joined #sandstorm

20:28 <ocdtrekkie> @kentonv I figured that address existed but it is not easy to confirm right now.

20:28 <Durandal> Good evening to you all!

20:29 <kentonv> ocdtrekkie, yeah it should probably be in the docs somewhere if it isn't currently....

20:29 <Durandal> couldn't find any adress directly so i showed up here in irc ;-)

20:30 <Durandal> might be somethibg i found but not 100% sure

20:30 <ocdtrekkie> SECURITY.md in the repo and/or security.txt on the web domain might be a good choice.

20:30 <kentonv> I'm looking forward to reading your report, Durandal

20:31 <ocdtrekkie> (Durandal, did you try checking for either of those... they don't exist but I'm curious which would've been most readily found by you)

20:32 <Durandal> Ok i try looking again tomorrow and let you know. Was not looking to intensive this evening as we had sone friends over for a visit

20:33 <Durandal> Havent tried with google fu to search for it

20:34 <Durandal> Do you use pgp for reporting or can i send directly?

20:37 <kentonv> You can just send directly. I don't think anyone is going to be MITMing security reports to a small open source project. :)

20:41 <Durandal> Thats true ;-) its my second time i found something odd the first time was with SAP they take reports only via PGP

20:49 Durandal has quit [Quit: Connection closed]

20:50 jfred has quit [Remote host closed the connection]

20:53 jfred has joined #sandstorm

21:02 xet7 has quit [Quit: Leaving]

21:33 cwebber has quit [Ping timeout: 240 seconds]

21:44 strugee has quit [Ping timeout: 248 seconds]

21:45 strugee_ has joined #sandstorm

23:54 abliss has quit [Ping timeout: 240 seconds]

23:54 iFire[m] has quit [Ping timeout: 252 seconds]

23:55 timmc[m] has quit [Ping timeout: 256 seconds]

23:55 jryans has quit [Ping timeout: 268 seconds]

23:55 isd has quit [Ping timeout: 276 seconds]

23:55 ocdtrekkie has quit [Ping timeout: 272 seconds]