qualeed 2 days ago

Is/will there be any discussion on how initial triage of potential security issues will be handled in the future?

It was disappointing to see the responses in the post. A curt "It's a feature" to a valid security concern & disclosure, and not replying to a request to publish.

Jitsi says "We encourage responsible disclosure for the sake of our users, so please reach out before posting in a public space.". But if no one bothers to reply, why bother to reach out to Jitsi in the first place?

https://jitsi.org/ says, literally in the hero image banner, "More secure" as the first thing you see. The handling of this raises some concerns about that. (If you don't want to be scrutinized as much about privacy & security stuff, I would recommend not advertising "more secure" as the first thing people see on the site)

saghul 2 days ago | parent [-]

You are right, we dropped the ball on this one. We'll try and do better.

arm32 2 days ago | parent [-]

Instead of trying, just do. Just do better.