[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal/suggestion for security team w.r.t. published vulerabilities

On Tue, Jul 06, 2004 at 08:06:36PM +0200, Jeroen van Wolffelaar wrote:

> Or is there some reason filing bugs like I described here isn't
> wanted?

As you have repeatedly confirmed, the security team is very busy.
Generally, if an issue doesn't affect stable, I don't track it at all.
If an issue does affect stable, then when I release an advisory, I check
the package in unstable and file a bug if necessary.

Some people help track bugs in unstable by watching for new vulnerabilities
in public databases, verifying whether the bug is present in unstable, and
filing a bug if so.  It would be great if you would help with these efforts.
You do not need any authorization or information from the security team in
order to do so.

 - mdz

Reply to: