[board] Fwd: [core] Coordination with Debian for security problems ?

Ben Klang ben at alkaloid.net
Wed Feb 6 04:21:37 UTC 2008


On Feb 5, 2008, at 11:14 PM, Chuck Hagenbuch wrote:

> Quoting Ben Klang <ben at alkaloid.net>:
>
>> I agree with the spirit of helping our biggest installs protect
>> themselves, but we need to be careful and respectful of the grace
>> period given to us by the security researchers who report the
>> problems.  The ability to release the information is their value and
>> their notification to us is a courtesy.  I would only feel
>> comfortable including specific sites (or really, anyone beyond the
>> core team and whoever actually codes the fix) if we can guarantee the
>> information will be kept confidential until a coordinated release is
>> made.  It *could* also raise a potentially sticky question of who
>> gets the information and who does not (and why not).
>
> I've created this page:
>
> http://wiki.horde.org/SecurityManagement
>
> It may make sense to move this to the main website eventually, but I
> figure it could do with editing by other core folks first. It's locked
> to guests; please email this list or the vendor list if you do not
> have a dev.horde.org account and have suggested changes.
>
> -chuck

Does it make sense to link security at horde.org to this list somehow?   
I realize the quantity of ICantGetMyMail questions may be annoying...

/BAK/
-- 
Ben Klang
Alkaloid Networks LLC
ben at alkaloid.net
404.475.4850
http://projects.alkaloid.net


