[board] Fwd: [core] Coordination with Debian for security problems ?

Chuck Hagenbuch chuck at horde.org
Tue Feb 5 21:22:00 UTC 2008


This is something I could see the board list being useful for. Is it  
mixing the purpose of the board too much to include security  
notifications? Should we set up a separate list/system for that?

core@ could be, if there weren't too many people.

----- Forwarded message from reg at evolix.fr -----
     Date: Sun, 3 Feb 2008 03:43:47 +0100
     From: Gregory Colpart <reg at evolix.fr>
  Subject: [core] Coordination with Debian for security problems ?
       To: core at horde.org

Hello,

I'm member of pkg-horde team (two or three persons who create
packages for Debian). We take care of security problems and we
try to publish corrected Debian packages as soon as possible when
we known new security bug [*]. Do you think possible to contact
us *privately* when you have private disclosure in order to
prepare fixed Debian package the day of public disclosure ?
And more generally, having the best way to known when you find
security problems (for now, we see them in Changelog of
(RC-)release...) could be very helpful for us.

[*] Last example is here : http://www.debian.org/security/2008/dsa-1470

Regards,
--
Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/


----- End forwarded message -----


-chuck


More information about the board mailing list