| | 1 | PowerDNS and dnsdist Security Policy |
| | 2 | ==================================== |
| | 3 | |
| | 4 | If you have a security problem to report, please email us at both peter.van.dijk@powerdns.com and remi.gacogne@powerdns.com. |
| | 5 | In case you want to encrypt your report using PGP, please use: https://www.powerdns.com/powerdns-keyblock.asc |
| | 6 | |
| | 7 | Please do not mail security issues to public lists, nor file a ticket, unless we do not get back to you in a timely manner. |
| | 8 | We fully credit reporters of security issues, and respond quickly, but please allow us a reasonable timeframe to coordinate a response. |
| | 9 | |
| | 10 | We remind PowerDNS and dnsdist users that under the terms of the GNU General Public License, PowerDNS and dnsdist come with ABSOLUTELY NO WARRANTY. |
| | 11 | This license is included in this documentation. |
| | 12 | |
| | 13 | HackerOne |
| | 14 | --------- |
| | 15 | Security issues can also be reported on [our HackerOne page](https://hackerone.com/powerdns) and might fetch a bounty. |
| | 16 | Do note that only the PowerDNS software (PowerDNS Authoritative Server, the PowerDNS Recursor and dnsdist) is in scope for the HackerOne program, not our websites or other infrastructure. |
| | 17 | |
| | 18 | Disclosure Policy |
| | 19 | ----------------- |
| | 20 | - Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue. |
| | 21 | - Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party. |
| | 22 | - We will always credit researchers in our security advisories. |
projects / thirdparty / pdns.git / blame_incremental