Re: Is Debian affected by the recent MySQL sql/password.c flow?

[Aron Xu <happyaron.xu@gmail.com>]

On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams <clint@debian.org> wrote:
> On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote:
>> sure whether it's relevant to Debian. People at Security Team are not
>> only responsible for fixing things when it breaks out, but also make
>> sure sensitive information is being disclosed in a correct form at a
>> correct time. In the end, I believe talking with them beforehand is
>> always a right way to do, no matter if Debian is affected by this
>> particular issue.
>
> Coordinated disclosure is irresponsible, and we shouldn't do it.
>

Then it's better to start the discussion at debian-security@l.d.o or
at least start a new thread, :) Currently our Security Team is tend to
coordinate disclosures, I think (but I'm not a team member, of
course).



-- 
Regards,
Aron Xu