verified, we attempt to resolve it in as timely a fashion as possible.
Best Practical support customers will be notified before we disclose the
information to the public. All security announcements will be sent to
-C<rt-announce@bestpractical.com>, which includes
-C<rt-users@bestpractical.com> and C<rt-devel@bestpractical.com>.
+C<rt-announce@bestpractical.com> and posted to the community forum at
+L<https://forum.bestpractical.com>
As the tests for security vulnerabilities are often nearly identical to
working exploits, sensitive tests will be embargoed for a period of six
Protect your RT installation by making it only accessible via SSL. This
will protect against users' passwords being sniffed as they go over the
-wire, as well as helping prevent phishing attacks. If you use SSL, you
-will need to install some additional Perl libraries so that C<rt-mailgate>
-can connect. You can use the C<--enable-ssl-mailgate> command to
-configure to automate the installation of these dependencies. This is
-documented further in step 10 of the README.
+wire, as well as helping prevent phishing attacks.
You should use a certificate signed by a reputable authority, or at very
least a certificate signed by a consistent local CA, which you configure