Re: Want to help with CVE triaging?
Hi,
So if you want to help with CVE triaging, you're welcome!
How can I join this work as well. I already member of Alioth project.
Is there anything else I have to do like register or something like that?
Thanks and best regards
Cong
On 24/02/2015 18:07, Raphael Hertzog wrote:
Hello,
one part of the process was not yet very well documented, it's the part
about CVE triaging. I just fixed this by adding a new section
tohttps://wiki.debian.org/LTS/Development (and at the same time I did
some other cleanups/improvements).
So if you want to help with CVE triaging, you're welcome!
https://wiki.debian.org/LTS/Development#Triage_new_security_issues
If some parts are unclear for you, please ask questions and I'll try to
improve the explanations.
I do have a question for the audience however: the new policy recommends
to send a mail to the maintainers even when we tag some issues as no-dsa.
But the security team is tagging some issues as no-dsa for us, shall we
ask them to stop this so that we don't miss new issues tagged that way?
Or can we ignore this assuming that tracker.debian.org will soon display
warnings on packages that have open security issues in some Debian
releases ? (cfhttp://bugs.debian.org/761859 andhttp://bugs.debian.org/761730)
Cheers,
--
=====================================================================
Nguyen The Cong (Mr)
Software Engineer
Toshiba Software Development (Vietnam) Co.,Ltd
519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam
tel: +84-4-2220 8801 (Ext. 208)
e-mail:cong.nguyenthe@toshiba-tsdv.com
=====================================================================
--
This mail was scanned by BitDefender
For more information please visit http://www.bitdefender.com
Reply to: