[gnutls-devel] GnuTLS | cli, serv: make it explicit that they are a testing program (!2086)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Mar 28 09:15:34 CET 2026
Daiki Ueno commented on a discussion on SECURITY.md: https://gitlab.com/gnutls/gnutls/-/merge_requests/2086#note_3199777416
> # Which issues are security issues
>
> A metric we consult to assessing security vulnerabilities is
> -the [CVSS](https://www.first.org/cvss) metric. Only vulnerabilities
> +the [CVSS](https://www.first.org/cvss) v3.1 metric. Only vulnerabilities
> at the high or critical level are handled with this process. Other
> issues are handled with the normal release process.
>
> +Some of the bundled programs, including gnutls-cli and gnutls-serv,
> +are for testing and diagnostic purposes. Issues reported against those
> +programs are not treated as a vulnerability.
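Review bot: In the added paragraph, "Some of the bundled programs, including gnutls-cli and gnutls-serv" leaves the excluded set open-ended, so a reporter cannot tell from SECURITY.md whether an issue in another bundled program falls under the security process. Consider listing the excluded programs explicitly, and saying where reports against them should go instead, for example the normal release process already named for other issues. Minor wording: "Issues ... are not treated as a vulnerability" should agree in number ("as vulnerabilities").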
Applied, thanks.