[board] Fwd: [core] Coordination with Debian for security problems ?

Nuno Loureiro nuno at co.sapo.pt
Tue Feb 5 22:33:20 UTC 2008


I was going to agree with it, but Jan pointed out that this type of  
info should remain private and this list is not, so I agree with him.  
I would copy the subscribers of this list though, since besides  
developers, the remaining members are heavy users of Horde (or run the  
biggest Horde installations on earth) and it's good that they are  
notified in first hand of security problems.

Nuno


On Feb 5, 2008, at 22:09 , Jan Schneider wrote:

> I would prefer a separate vendor@ mailing list for that. It should be
> private, which board@ isn't.
>
> Zitat von Chuck Hagenbuch <chuck at horde.org>:
>
>> This is something I could see the board list being useful for. Is it
>> mixing the purpose of the board too much to include security
>> notifications? Should we set up a separate list/system for that?
>>
>> core@ could be, if there weren't too many people.
>>
>> ----- Forwarded message from reg at evolix.fr -----
>>     Date: Sun, 3 Feb 2008 03:43:47 +0100
>>     From: Gregory Colpart <reg at evolix.fr>
>>  Subject: [core] Coordination with Debian for security problems ?
>>       To: core at horde.org
>>
>> Hello,
>>
>> I'm member of pkg-horde team (two or three persons who create
>> packages for Debian). We take care of security problems and we
>> try to publish corrected Debian packages as soon as possible when
>> we known new security bug [*]. Do you think possible to contact
>> us *privately* when you have private disclosure in order to
>> prepare fixed Debian package the day of public disclosure ?
>> And more generally, having the best way to known when you find
>> security problems (for now, we see them in Changelog of
>> (RC-)release...) could be very helpful for us.
>>
>> [*] Last example is here : http://www.debian.org/security/2008/dsa-1470
>>
>> Regards,
>> --
>> Gregory Colpart <reg at evolix.fr>  GnuPG:1024D/C1027A0E
>> Evolix - Informatique et Logiciels Libres http://www.evolix.fr/
>>
>>
>> ----- End forwarded message -----
>>
>>
>> -chuck
>> __
>> board mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: board-unsubscribe at lists.horde.org
>>
>
>
>
> Jan.
>
> -- 
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
>
> __
> board mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: board-unsubscribe at lists.horde.org

----
Nuno Loureiro <nuno at co.sapo.pt>
PTMail - DTP/APS/UNX - PT.COM - Portugal Telecom

PGP fingerprint = 8A32 5174 E80C 2D40 9075 405E C107 6592 054A 4D05
http://keyserver.noreply.org/pks/lookup?op=get&fingerprint=on&search=0xC1076592054A4D05





More information about the board mailing list