[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is Debian affected by the recent MySQL sql/password.c flow?

On 12-06-12 at 02:40am, Thomas Goirand wrote:
> On 06/12/2012 02:23 AM, Aron Xu wrote:
> > I'm not saying you are disclosing anything, but you are asking if 
> > someone knows it's in what status publicly in a Debian development 
> > mailing list. Then this may lead to some disclosing and even mislead 
> > some other people. Yes there are many people doing tests just like 
> > you, and they are reporting their results in many ways they prefer. 
> > But as you are a DD you'd better not ignore our Security Team when 
> > starting discussion publicly about a security incident your are not 
> > sure whether it's relevant to Debian. People at Security Team are 
> > not only responsible for fixing things when it breaks out, but also 
> > make sure sensitive information is being disclosed in a correct form 
> > at a correct time. In the end, I believe talking with them 
> > beforehand is always a right way to do, no matter if Debian is 
> > affected by this particular issue.
> >   
> The first time I wrote it, it wasn't clear enough. Maybe writing with 
> CAPS-ON will help your understanding! :)
> IT HAS ALREADY BEEN MADE PUBLIC (for example: on slashdot) !!!

What you asked, and the answer to that question, was not already public.

...or you wouldn't have asked, I hope. ;-)

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: Digital signature

Reply to: