[board] Fwd: [core] Coordination with Debian for security problems ?

Ben Klang ben at alkaloid.net
Tue Feb 5 22:23:36 UTC 2008


In my opinion the question isn't one of traffic but one of
controlling the information. The Debian team raises a valid concern
about being able to patch their packages in a reasonable amount of
time. However, the information must not be archived in a public place
(as board@ is today), as it is often embargoed by the reporter to
coordinate public release.

/BAK/
-- 
Ben Klang
Alkaloid Networks LLC
ben at alkaloid.net
404.475.4850
http://projects.alkaloid.net


On Feb 5, 2008, at 5:13 PM, Marc G. Fournier wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I'd vote for "see if traffic warrants a second list" ...
>
> - --On Tuesday, February 05, 2008 16:22:00 -0500 Chuck Hagenbuch
> <chuck at horde.org> wrote:
>
>> This is something I could see the board list being useful for. Is it
>> mixing the purpose of the board too much to include security
>> notifications? Should we set up a separate list/system for that?
>>
>> core@ could be, if there weren't too many people.
>>
>> ----- Forwarded message from reg at evolix.fr -----
>>      Date: Sun, 3 Feb 2008 03:43:47 +0100
>>      From: Gregory Colpart <reg at evolix.fr>
>>   Subject: [core] Coordination with Debian for security problems ?
>>        To: core at horde.org
>>
>> Hello,
>>
>> I'm a member of the pkg-horde team (two or three persons who create
>> packages for Debian). We take care of security problems and we
>> try to publish corrected Debian packages as soon as possible when
>> we know of a new security bug [*]. Do you think it is possible to
>> contact us *privately* when you have a private disclosure, in order to
>> prepare a fixed Debian package for the day of public disclosure?
>> And more generally, having the best way to know when you find
>> security problems (for now, we see them in the Changelog of the
>> (RC-)release...) could be very helpful for us.
>>
>> [*] The last example is here: http://www.debian.org/security/2008/dsa-1470
>>
>> Regards,
>> --
>> Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
>> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
>>
>>
>> ----- End forwarded message -----
>>
>>
>> -chuck
>> __
>> board mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: board-unsubscribe at lists.horde.org
>
>
>
> - ----
> Marc G. Fournier           Hub.Org Networking Services (http://www.hub.org)
> Email . scrappy at hub.org                              MSN . scrappy at hub.org
> Yahoo . yscrappy               Skype: hub.org        ICQ . 7615664
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4 (FreeBSD)
>
> iD8DBQFHqN+V4QvfyHIvDvMRAoWHAJ4vSSKrryeqIAvA9t3Wm9e24yU1rACgqO31
> 9p8t+TVvX2aCVoR5e0GkvLY=
> =RnUn
> -----END PGP SIGNATURE-----
