default to a session cookie instead of setting an explicit timeout, weird timezone...

[freeside.git] / rt / docs / security.pod

diff --git a/rt/docs/security.pod b/rt/docs/security.pod
index 620f868..7120e38 100644 (file)
--- a/rt/docs/security.pod
+++ b/rt/docs/security.pod
@@ -16,8 +16,8 @@ After a security vulnerability is reported to Best Practical and
 verified, we attempt to resolve it in as timely a fashion as possible.
 Best Practical support customers will be notified before we disclose the
 information to the public.  All security announcements will be sent to
-C<rt-announce@bestpractical.com>, which includes
-C<rt-users@bestpractical.com> and C<rt-devel@bestpractical.com>.
+C<rt-announce@bestpractical.com> and posted to the community forum at
+L<https://forum.bestpractical.com>
 
 As the tests for security vulnerabilities are often nearly identical to
 working exploits, sensitive tests will be embargoed for a period of six
@@ -32,11 +32,7 @@ months before being added to the public RT repository.
 
 Protect your RT installation by making it only accessible via SSL.  This
 will protect against users' passwords being sniffed as they go over the
-wire, as well as helping prevent phishing attacks.  If you use SSL, you
-will need to install some additional Perl libraries so that C<rt-mailgate>
-can connect.  You can use the C<--enable-ssl-mailgate> command to
-configure to automate the installation of these dependencies.  This is
-documented further in step 10 of the README.
+wire, as well as helping prevent phishing attacks.
 
 You should use a certificate signed by a reputable authority, or at very
 least a certificate signed by a consistent local CA, which you configure