Hi,
On Samstag, 13. Februar 2016, Paul Wise wrote:
> On Sat, Feb 13, 2016 at 2:51 AM, Wheeler, David A wrote:
> > Should Debian's security team ask for a Common Platform Enumeration (CPE)
> > id when a related CVE is found/reported fixed?
>
> The debian-security list is a general Debian security discussion list
> rather than a contact point for the Debian security team.
yeah, exactly, that's why I suggested David to discuss this on this list.
> If you wish
> to contact the Debian security team, please use security@debian.org.
That is not an address suited for public discussion (it aint public and there
is no public archive), so your suggestion aint much helpful here.
Debian usually works in the open, as I understand it security@debian.org is
for telling stuff to the Security team which aint open yet.
If debian-security@lists.debian.org should not be used to discuss security
topics related to Debian (with and without the security team) this should be
clarified, though I doubt this is the case.
Now if only someone could reply to the original question at hand! ;-)
cheers,
Holger