Re: Where to report major security holes to users
The _first_ place you should go is directly upstream, to LPRng's author.
I would let the debian LPRng maintainer know as well, but contacting
the author should your highest priority.
Once that's done, depending on the author's timeliness in getting a fix
out, possible places you may wanna post to (aside from this list) are
debian-security and bugtraq.
On Wed, Mar 07, 2001 at 10:08:21PM -0500, xsdg wrote:
> *Do not CC me*
> Hi. I recently discovered a major security hole in LPRng (for which I already submitted a bug report: #88886). Where should I post a message/warning about this bug (since I doubt that many people frequently browse Debian's BTS)?
> / Hildebrant's Principle: If you don't know where \
> \ you are going, any road will get you there. /
> / http://email@example.com \
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact email@example.com
"... being a Linux user is sort of like living in a house inhabited
by a large family of carpenters and architects. Every morning when
you wake up, the house is a little different. Maybe there is a new
turret, or some walls have moved. Or perhaps someone has temporarily
removed the floor under your bed." - Unix for Dummies, 2nd Edition
-- found in the .sig of Rob Riggs, firstname.lastname@example.org