[board] Fwd: [core] Coordination with Debian for security problems ?
Ben Klang
ben at alkaloid.net
Tue Feb 5 22:23:36 UTC 2008
In my opinion the question isn't one of traffic but one of
controlling the information. The Debian team raises a valid concern
about being able to patch their packages in a reasonable amount of
time. However the information must not be archived in a public place
(as board@ is today) as it is often embargoed by the reporter to
coordinate public release.
/BAK/
--
Ben Klang
Alkaloid Networks LLC
ben at alkaloid.net
404.475.4850
http://projects.alkaloid.net
On Feb 5, 2008, at 5:13 PM, Marc G. Fournier wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I'd vote for "see if traffic warrants a second list" ...
>
> - --On Tuesday, February 05, 2008 16:22:00 -0500 Chuck Hagenbuch
> <chuck at horde.org> wrote:
>
>> This is something I could see the board list being useful for. Is it
>> mixing the purpose of the board too much to include security
>> notifications? Should we set up a separate list/system for that?
>>
>> core@ could be, if there weren't too many people.
>>
>> ----- Forwarded message from reg at evolix.fr -----
>> Date: Sun, 3 Feb 2008 03:43:47 +0100
>> From: Gregory Colpart <reg at evolix.fr>
>> Subject: [core] Coordination with Debian for security problems ?
>> To: core at horde.org
>>
>> Hello,
>>
>> I'm member of pkg-horde team (two or three persons who create
>> packages for Debian). We take care of security problems and we
>> try to publish corrected Debian packages as soon as possible when
>> we known new security bug [*]. Do you think possible to contact
>> us *privately* when you have private disclosure in order to
>> prepare fixed Debian package the day of public disclosure ?
>> And more generally, having the best way to known when you find
>> security problems (for now, we see them in Changelog of
>> (RC-)release...) could be very helpful for us.
>>
>> [*] Last example is here : http://www.debian.org/security/2008/
>> dsa-1470
>>
>> Regards,
>> --
>> Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
>> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
>>
>>
>> ----- End forwarded message -----
>>
>>
>> -chuck
>> __
>> board mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: board-unsubscribe at lists.horde.org
>
>
>
> - ----
> Marc G. Fournier Hub.Org Networking Services (http://
> www.hub.org)
> Email . scrappy at hub.org MSN .
> scrappy at hub.org
> Yahoo . yscrappy Skype: hub.org ICQ . 7615664
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.4 (FreeBSD)
>
> iD8DBQFHqN+V4QvfyHIvDvMRAoWHAJ4vSSKrryeqIAvA9t3Wm9e24yU1rACgqO31
> 9p8t+TVvX2aCVoR5e0GkvLY=
> =RnUn
> -----END PGP SIGNATURE-----
>
> __
> board mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: board-unsubscribe at lists.horde.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.horde.org/archives/board/attachments/20080205/b018333b/attachment-0001.html
More information about the board
mailing list