
Want to help with CVE triaging?



Hello,

one part of the process was not yet very well documented: the part
about CVE triaging. I just fixed this by adding a new section
to https://wiki.debian.org/LTS/Development (and at the same time I did
some other cleanups/improvements).

So if you want to help with CVE triaging, you're welcome!

https://wiki.debian.org/LTS/Development#Triage_new_security_issues

If some parts are unclear to you, please ask questions and I'll try to
improve the explanations.


I do have a question for the audience, however: the new policy recommends
sending a mail to the maintainers even when we tag some issues as no-dsa.
But the security team is tagging some issues as no-dsa for us, shall we
ask them to stop this so that we don't miss new issues tagged that way?

Or can we ignore this assuming that tracker.debian.org will soon display
warnings on packages that have open security issues in some Debian
releases? (cf. http://bugs.debian.org/761859 and http://bugs.debian.org/761730)

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

