[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: eglibc update for GHOST CVE-2015-0235

Hi Thijs,

On Wed, 28 Jan 2015, Thijs Kinkhorst wrote:
> It seems at least from my perspective that the LTS team is a loosely
> defined consortium of individuals which makes sharing the embargoed
> information problematic. If I have an embargoed issue I think there's
> usually no problem sharing that information privately with LTS'ers, but
> right now there's no clear contact point for that.
> Nor do I have a good understanding of who is working on LTS. People are
> hired by the hour, so if I send something to someone personally now it may
> just be that they're not working on LTS this week. There's not really a
> defined "team" that I could find.

FWIW, concerning "paid contributors", we do have an alias pointing to all
the people listed in

FTR it's deblts-team _AT_ freexian.com. But I also believe that
this should not become an official contact point of the LTS team
for embargoed issues.

Maybe you could setup lts@security.debian.org alias pointing
to whoever from the LTS team is willing to handle embargoed issues?

Looks like Holger is interested. I am interested too. And I expect
Thorsten Altenholz to also be interested.

> Subscription to distros list is per individual and we can certainly
> nominate people for that, but I think it also depends on a clear
> definition of which DD('s) that would be.

I don't know how you handle embargoed issues in the security team
and if such a subscription is required to be able to prepare security
updates, or if you expect to share enough information with
the new private LTS contact point.

Anyway, I would be OK to be subscribed there too.

Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Reply to: