[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the Security Team

On Mon, Mar 10, 2008 at 09:28:24AM +0100, Thijs Kinkhorst wrote:
> On Mon, March 10, 2008 09:24, Steve Langasek wrote:
> >> If you're opening a ticket for a security problem which is publicly
> >> known, e.g. if it's announced on the project web site, please open a
> >> ticket in the "Security" queue. These issues will be visible publicly.

> > As far as I can see, this announcement mail doesn't mention where the RT
> > instance is running, nor the means of opening a ticket in the appropriate
> > queue.  Where is this information available?

> We appearently assumed that all developers were aware of where the Debian
> RT is located and how it's used, but for those that missed it,

I'm well aware of where the existing Debian RT is.  Nowhere in the
announcement mail was it stated that the security team was using the *same*
RT instance.

> instructions are here:
> http://people.debian.org/~terpstra/message/20070323.015558.db94cadf.en.html

> Sorry for the inconvenience.

Which gives information about opening tickets in two queues: the keyring
queue, and the DSA queue.

Or do you mean that there's no email address for opening Security tickets,
and any tickets for the security queue can only be opened using the generic
'debian' user on the website?

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: