4:21 p.m.
On Jan 25, 2021, 2:36 AM -0800, Leif Johansson <leifj at sunet.se>, wrote:
On 2021-01-21 11:56, Ivan Kanakarakis wrote:
We could also say that this is an open source library available via GitHub; we have no way
of knowing all the deployments that use it. And perhaps we can take this as an opportunity
to point people to https://idpy.org/security/.
-Heather
Hello,
On Thu, 21 Jan 2021 at 11:17, Leif Johansson <leifj at sunet.se> wrote:
Good answers. I don't think we should claim to provide a complete list of all
software packages but there is no harm in saying that we know of several (list)
and these were part of the initial notification process to prepare them for
new relase
On 2021-01-20 21:38, Ivan Kanakarakis wrote:
This sounds like a better strategy. Below, I am answering the email
and questions to kickstart this process.
I am skeptical if we should answer the last question. Hello everyone,
I just received the following email with questions on the recent
vulnerabilities of pysaml2.
The news site is https://www.bleepingcomputer.com/
Should we answer?
and should we answer all questions?
I think we should answer but ask to see the writeup so you can help get the
details right.