On Mon, 25 Jan 2021 at 17:15, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
On Jan 25, 2021, 2:36 AM -0800, Leif Johansson <leifj at sunet.se>, wrote:
Good answers. I don't think we should claim to provide a complete list of all
software packages, but there is no harm in saying that we know of several (list)
and these were part of the initial notification process to prepare them for the
new release.
We could also say that this is an open source library available via GitHub; we have no
way of knowing all the deployments that use it. And perhaps we can take this as an
opportunity to point people to
https://idpy.org/security/.
OK, I am planning to send the final email later, today.
For the last question I will answer something along the lines of the
following (I welcome any other feedback):
- 5. Finally, what other software/packages utilize pysaml2?
pysaml2 is an open source project and community effort. We have a page
dedicated to security on our website here
https://idpy.org/security/
and we urge all users of our software to read it and subscribe to the
appropriate channels to stay up to date.
We do know of projects that use pysaml2, and members of some of those
projects are in direct communication with us regarding issues and
features. Towards the wider community we gave a two-week notice that
an issue had been reported, asking everyone to prepare for an upgrade.
Throughout the project lifetime, a network of trusted community
members has grown organically, and those were given access to more
information and early patches to test and provide feedback.
Projects like SAtoSA, djangosaml2, UniAuth as well as software and
services based on pysaml2 managed by educational institutions and
research organizations, like eduTEAMS and InAcademia, were updated
swiftly and some were already running the patched version even before
it was released.
Cheers,
--
Ivan Kanakarakis