[board] Fwd: [core] Coordination with Debian for security problems ?
Jan Schneider
jan at horde.org
Wed Feb 6 09:16:33 UTC 2008
Zitat von Gunnar Wrobel <wrobel at pardus.de>:
> Hi,
>
> Chuck Hagenbuch <chuck at horde.org> writes:
>
>> Quoting Ben Klang <ben at alkaloid.net>:
>>
>>> I agree with spirit of helping our biggest installs protect
>>> themselves, but we need to be careful and respectful of the grace
>>> period given to us by the security researchers who report the
>>> problems. The ability to release the information is their value and
>>> their notification to us is a courtesy. I would only feel
>>> comfortable including specific sites (or really, anyone beyond the
>>> core team and whoever actually codes the fix) if we can guarantee the
>>> information will be kept confidential until a coordinated release is
>>> made. It *could* also raise a potentially sticky question of who
>>> gets the information and who does not (and why not).
>>
>> Agreed. I've created vendor at lists.horde.org and subscribed some
>> initial users from core, and Gregory from Debian. Subscription for
>> other developers here will be opt-in, and needs to be approved by a
>> list administrator (Jan or myself). Other admins are welcome - please
>> just let me know.
>
> Could you add me with wrobel at gentoo.org on that list as well? I'm
> currently not responsible for the Gentoo packages but I'm handling web
> apps in general. And I'll ask vapier at gentoo.org (the current
> maintainer) if he wants to be added too.
Just subscribe yourself on http://lists.horde.org. We will gonna
approve your subscription request.
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
More information about the board
mailing list