Re: eglibc update for GHOST CVE-2015-0235


On Wednesday, 28 January 2015, Thijs Kinkhorst wrote:
> It seems at least from my perspective that the LTS team is a loosely
> defined consortium of individuals which makes sharing the embargoed
> information problematic. If I have an embargoed issue I think there's
> usually no problem sharing that information privately with LTS'ers, but
> right now there's no clear contact point for that.

> Nor do I have a good understanding of who is working on LTS. People are
> hired by the hour, so if I send something to someone personally now it may
> just be that they're not working on LTS this week.

I do understand how you come to think this, but at least for me this is not
true: while I do work some paid hours per month on LTS I also spend "my free
time" on both LTS and (to a lesser degree) I'm also willing to do security
work (in "my free time") for wheezy (esp. for issues I fix in LTS first...)

So in summary: I'm available (at least for coordination) for LTS things all 
the time.

But I don't want to be the single LTS person in that role...

> There's not really a
> defined "team" that I could find.

We should still fix this.

> I would start with creating such a contact point, and make it clear who's
> behind it. That makes sharing this information much more straightforward.


> Subscription to distros list is per individual and we can certainly
> nominate people for that, but I think it also depends on a clear
> definition of which DD('s) that would be.



