
Re: security@debian.org



On Thu, Jun 03, 2004 at 02:42:59AM +0200, Florian Weimer wrote:

> Has security@debian.org been directed away from debian-private?  It's
> probably a good move.  In the past, the old setup resulted in some
> confusion because submitters usually do not expect that security@ is read
> by all people in the organization. 8-)

Yes, see Steve's reply.  This was done for exactly that reason.

> Does this mean that security vulnerabilities are no longer to be discussed
> on debian-private (which seems to have happened accidentally in the past)?

I don't see any reason why it should be forbidden; if it is important for
some reason that a large number of Debian developers be informed about a
vulnerability, then that could happen via debian-private.

In general, though, discussions about vulnerabilities take place between the
package maintainer, upstream and the security team.

-- 
 - mdz


