Re: Is Debian affected by the recent MySQL sql/password.c flow?
On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams <firstname.lastname@example.org> wrote:
> On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
>> sure whether it's relevant to Debian. People at Security Team are not
>> only responsible for fixing things when it breaks out, but also make
>> sure sensitive information is being disclosed in a correct form at a
>> correct time. In the end, I believe talking with them beforehand is
>> always a right way to do, no matter if Debian is affected by this
>> particular issue.
> Coordinated disclosure is irresponsible, and we shouldn't do it.
Then it's better to start the discussion at email@example.com or
at least start a new thread, :) Currently our Security Team is tend to
coordinate disclosures, I think (but I'm not a team member, of