Sendmail is in the process of building a vendor contact list for security notifications and other important issues that come up over time. Most likely, future notifications will be given to everyone willing not to disclose the information and to use an encrypted channel for all communications.
This message is intended for any group which redistributes sendmail in
their own open source or commercial products. This includes either the
open source or the commercial version of sendmail (e.g., sendmail 8.12 or
Sendmail Switch). If you fit these criteria, please send a PGP-encrypted,
signed mail message to
sendmail-security at sendmail.org
with the following information:
Organization Name: (e.g., FreeBSD)
Do you redistribute the commercial version, open source version, or both?
Do you agree to treat any information given in an early notification as non-disclosure information? For those with public CVS repositories, this would also mean not committing anything related to the notification to your tree until the public advisory is released.
Security Group E-mail: (e.g., email@example.com)
Security Group Phone: (e.g., +1-555-555-1212)
Security Group PGP Key:
Individual Contact: (e.g., John Smith)
Individual E-Mail: (e.g., firstname.lastname@example.org)
Individual Phone: (e.g., +1-555-555-1212)
Individual PGP Key:
At least one e-mail address and phone number must be given.
The PGP Key given above must be either the key ID of a key found on the public key servers or the actual key.
Again, please PGP encrypt the response with the PGP key for sendmail-security at sendmail.org and PGP sign it with your PGP key.