[web] master update

Mark J. Cox mark at openssl.org
Tue Mar 16 10:59:30 UTC 2021 

The branch master has been updated
       via  15064d72540a2d5405d749acd74caeb8683ae886 (commit)
       via  866c7caa7a09f7f56be99d7cb750be9c901503e0 (commit)
       via  f37be0806125a21d7107327a97cc0d7cdc9275e8 (commit)
       via  f4faa3d32216b9a47c6103400659e8f274c36052 (commit)
      from  abbb2d45bbd7db0f8733a2ca997300b572d19061 (commit)


- Log -----------------------------------------------------------------
commit 15064d72540a2d5405d749acd74caeb8683ae886
Merge: abbb2d4 866c7ca
Author: Mark J. Cox <mark at openssl.org>
Date:   Tue Mar 16 10:48:55 2021 +0000

    Merge pull request #222 from iamamoose/securitypolicychange
    
    Update security policy to note we prenotify projects like LibreSSL and BoringSSL

commit 866c7caa7a09f7f56be99d7cb750be9c901503e0
Author: Mark J. Cox <mark at awe.com>
Date:   Tue Mar 16 10:47:33 2021 +0000

    Vote passed, update the change date

commit f37be0806125a21d7107327a97cc0d7cdc9275e8
Author: Mark J. Cox <mark at awe.com>
Date:   Thu Mar 4 11:07:25 2021 +0000

    "based on" could be misinterpreted as projects that simply use OpenSSL but
    the intent of this change is for projects that are derived from OpenSSL

commit f4faa3d32216b9a47c6103400659e8f274c36052
Author: Mark J. Cox <mark at awe.com>
Date:   Tue Mar 2 11:18:48 2021 +0000

    For many years we have notified LibreSSL and BoringSSL, but we should be clear that we do so in the policy

-----------------------------------------------------------------------

Summary of changes:
 policies/secpolicy.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/policies/secpolicy.html b/policies/secpolicy.html
index 54fb592..ff4eb5f 100644
--- a/policies/secpolicy.html
+++ b/policies/secpolicy.html
@@ -12,7 +12,7 @@
 	  <header>
 	    <h2>Security Policy</h2>
 	    <h5>
-	      Last modified 12th May 2020
+	      Last modified 16th March 2021
 	    </h5>
 	</header>
 	  <div class="entry-content">
@@ -126,6 +126,8 @@
 	    that uses OpenSSL as included on
 	    <a
 	    href="http://oss-security.openwall.org/wiki/mailing-lists/distros">this list of Operating System distribution security contacts</a>.</li>
+            <li>We also include other open source projects that are derived from OpenSSL which
+            have a significant user base and a reciprocal arrangement. </li>
 	    <li>We may also include other organisations that are not listed but
 	    would otherwise qualify for list membership.  </li>
             <li>We may also include organisations with which we have a

More information about the openssl-commits mailing list