Re: Proposal/suggestion for security team w.r.t. published vulerabilities

To: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>
Cc: debian-security@lists.debian.org
Subject: Re: Proposal/suggestion for security team w.r.t. published vulerabilities
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sat, 10 Jul 2004 12:29:11 +0200
Message-id: <[🔎] 87brio17go.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 200407080924.15589@fortytwo.ch> (Adrian von Bidder's message of "Thu, 8 Jul 2004 09:24:15 +0200")
References: <[🔎] 20040706180636.GL9109@A-Eskwadraat.nl> <[🔎] 20040707111701.GT6050@A-Eskwadraat.nl> <[🔎] 20040707162847.GF21676@alcor.net> <[🔎] 200407080924.15589@fortytwo.ch>

* Adrian von Bidder:

> I think Jeroen is thinking about security problems the security team 
> already knows about but has not yet had time to handle (and which have 
> already been made public somewhere else.) Stupid if somebody has to 
> search the sources *again* if the security team already has the 
> information.

Actually, it's rather time-consuming to determine if a security
vulnerability has been published.  You have to discover the
publication, and then you have to decide whether it's actually the
same issue and if it's been disclosed completely.

Filing bug reports about public issues is something any DD or user can
do.  I don't think this should be added to the duties of the security
team.  I'd appreciate if they commented on new security bugs that are
tagged woody, though.

Reply to:

Follow-Ups:
- Re: Proposal/suggestion for security team w.r.t. published vulerabilities
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>

References:
- Proposal/suggestion for security team w.r.t. published vulerabilities
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
- Re: Proposal/suggestion for security team w.r.t. published vulerabilities
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>
- Re: Proposal/suggestion for security team w.r.t. published vulerabilities
  - From: Matt Zimmerman <mdz@debian.org>
- Re: Proposal/suggestion for security team w.r.t. published vulerabilities
  - From: Adrian 'Dagurashibanipal' von Bidder <avbidder@fortytwo.ch>

Prev by Date: Re: Cite for print-to-postscript exploit in Mozilla?
Next by Date: Re: Mozilla/Firefox "PostScript/default" security problems
Previous by thread: Re: Proposal/suggestion for security team w.r.t. published vulerabilities
Next by thread: Re: Proposal/suggestion for security team w.r.t. published vulerabilities
Index(es):
- Date
- Thread