
Re: Uploaded ld.so 1.8.10-2.1 (source i386) to master



On Saturday, July 19, Bruce Perens wrote
> > I agree that the security manager has the authority to make interim
> > releases without asking on debian-devel or the maintainer in "emergency
> > situation". However, even the security manager has to follow our policy in
> > that case. That is, he/she has to file a bug report against the package
> > providing info and a u-diff for the maintainer about the changes he/she
> > has done.
> 
> I approve.
> 
> > If there are no objections, I'll add that to the "Developers reference
> > manual".
> 
> Fine with me.

A couple of points:

o Sometimes I may not be able to post the diff on a public mailing list. So
you might want to write something like "make the diff available to the
maintainer" (implying it can also be done through private mail, etc.).

o About posting announcements of fixes to bugtraq, etc. I'm not sure how
welcome such announcements would be. If every vendor (all the Linux
distributions, the *BSD and the commercial Unix people) started posting
notices for every fix to (say) bugtraq, they'd quickly drown the discussion
threads. And anyway, there are things getting in place that should lessen
the need to broadcast these announcements to every mailing list. The first
thing is the Linux vendor-sec mailing list, which will do 'group' announcements
for all the Linux distributions about security problems. (People who read
bugtraq will have seen the ld.so announcements... and Debian is in there.)
The second thing would be a debian-security-announce@lists.debian.org where
Debian-specific announcements would be sent. I emailed Pete about it, but
he's out of the office for about a week. What mailing-list software are the
Debian lists using? Since I doubt it can provide moderated lists that are
both secure (unauthorised people can't post to the list even with forged
headers) and fast (messages don't have to go through a human operator
before being sent to the list), I'm very tempted to install ezmlm on master
and do it myself. Is there anyone here to say that this would be a bad
idea?

   Christian


