Re: Proposal/suggestion for security team w.r.t. published vulerabilities
On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:
> Or is there some reason filing bugs like I described here isn't
As you have repeatedly confirmed, the security team is very busy.
Generally, if an issue doesn't affect stable, I don't track it at all.
If an issue does affect stable, then when I release an advisory, I check
the package in unstable and file a bug if necessary.
Some people help track bugs in unstable by watching for new vulnerabilities
in public databases, verifying whether the bug is present in unstable, and
filing a bug if so. It would be great if you would help with these efforts.
You do not need any authorization or information from the security team in
order to do so.