Re: Proposal/suggestion for security team w.r.t. published vulnerabilities
* Adrian von Bidder:
> I think Jeroen is thinking about security problems the security team
> already knows about but has not yet had time to handle (and which have
> already been made public somewhere else.) Stupid if somebody has to
> search the sources *again* if the security team already has the

Actually, it's rather time-consuming to determine if a security
vulnerability has been published. You have to discover the
publication, and then you have to decide whether it's actually the
same issue and if it's been disclosed completely.

Filing bug reports about public issues is something any DD or user can
do. I don't think this should be added to the duties of the security
team. I'd appreciate it if they commented on new security bugs that are
tagged woody, though.