Re: Bits from the Security Team

To: debian-devel@lists.debian.org
Subject: Re: Bits from the Security Team
From: Russ Allbery <rra@debian.org>
Date: Wed, 05 Mar 2014 17:16:59 -0800
Message-id: <[🔎] 87ob1kdt2s.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] CAKTje6EGjEFXwGY2WDE_gHHWhBAxU5Pw52TZNeHexdgP7K5Bng@mail.gmail.com> (Paul Wise's message of "Thu, 6 Mar 2014 09:00:13 +0800")
References: <20140305190301.GA2912@pisco.westfalen.local> <[🔎] CAKTje6EGjEFXwGY2WDE_gHHWhBAxU5Pw52TZNeHexdgP7K5Bng@mail.gmail.com>

Paul Wise <pabs@debian.org> writes:

> Perhaps we could encourage those submitting security bugs to
> X-Debbugs-CC the oss-sec list?

I don't think the list would really appreciate that.  Most of the CVE
requests it currently gets have been vetted by either a developer of the
software or by the security team of a distribution, and right now the
signal-to-noise ratio is very high.  I think we want to at least
peer-review the bug before we send it to oss-sec to make sure that we have
good-quality requests.

We also don't want to do something that would cause the whole bug
discussion to get copied to the list.  The list maintainers aren't
particularly happy when that happens and the discussion drifts away from
the specific security issue.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

References:
- Re: Bits from the Security Team
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Bits from the Security Team
Next by Date: Re: Bits from the Security Team
Previous by thread: Re: Bits from the Security Team
Next by thread: Re: Bits from the Security Team
Index(es):
- Date
- Thread