Security and GNU

Reporting security issues

To report a security bug against a given package, please follow the bug-reporting guidelines for the package. If there are no security-specific instructions, just follow the general bug reporting instructions. If you don't think your report should be public, email the maintainers individually. (The package web pages and/or Free Software Directory entry should provide contact information.)

If you've reported an urgent security bug and there hasn't been any response in an appropriate amount of time, you can escalate to the general security mailing list for advice. You can also write there for help if you cannot find maintainer contact information. If you don't get an answer there either, as a last-ditch effort you can try <>.

Public security discussions

To discuss general security topics and questions (not report bugs), you can use the security-discuss mailing list. Its purpose is to provide a place to discuss security matters that are applicable to more than one project. For example, general secure programming techniques, cryptography, and network protocol issues.

 [FSF logo] “Our mission is to preserve, protect and promote the freedom to use, study, copy, modify, and redistribute computer software, and to defend the rights of Free Software users.”

The Free Software Foundation is the principal organizational sponsor of the GNU Operating System. Support GNU and the FSF by buying manuals and gear, joining the FSF as an associate member, or making a donation, either directly to the FSF or via Flattr.

back to top