Re: Bits from the Security Team

To: debian-devel@lists.debian.org
Subject: Re: Bits from the Security Team
From: Don Armstrong <don@debian.org>
Date: Mon, 10 Mar 2008 19:19:21 -0700
Message-id: <[🔎] 20080311021921.GI7406@rzlab.ucr.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <20080309220511.GA3834@galadriel.inutil.org>
References: <20080309220511.GA3834@galadriel.inutil.org>

On Sun, 09 Mar 2008, Moritz Muehlenhoff wrote:
> If you're opening a ticket for a security problem which is publicly
> known, e.g. if it's announced on the project web site, please open a
> ticket in the "Security" queue. These issues will be visible
> publicly.

Is there any particular reason why we're duplicating this information
that should already be present in the bts as bugs with severity
serious tagged security marked found in a version in stable in RT?

If there are some change to the BTS needed for the security team to
track the non-embargoed issues more easily, I'd be glad to make (or at
the very least discuss) them.

From where I sit it seems non-ideal for both the security team and
maintainers (as well as anyone else who is interested) to put this
information in a system which isn't tied in strongly with the BTS or
otherwise is unable to track package versioning.

Don Armstrong

-- 
You could say to the Universe this is not /fair/. And the Universe
would say: Oh it isn't? Sorry.
 -- Terry Pratchett _Soul Music_ p357

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to:

Follow-Ups:
- Re: Bits from the Security Team
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: Notice spam
Next by Date: Re: Notice spam
Previous by thread: Re: Bits from the Security Team
Next by thread: Re: Bits from the Security Team
Index(es):
- Date
- Thread