[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should Debian ask for a CPE when a CVE in Debian is found?

On Mon, Feb 15, 2016 at 8:02 PM, Holger Levsen wrote:

> yeah, exactly, that's why I suggested David to discuss this on this list.

Ah, his mail didn't mention that suggestion.

> That is not an address suited for public discussion (it aint public and there
> is no public archive), so your suggestion aint much helpful here.
>
> Debian usually works in the open, as I understand it security@debian.org is
> for telling stuff to the Security team which aint open yet.
>
> If debian-security@lists.debian.org should not be used to discuss security
> topics related to Debian (with and without the security team) this should be
> clarified, though I doubt this is the case.

The reason I suggested contacting the team directly is that the
question seemed to be directed at the team rather than the people on
this list. Also I have the impression that all the team isn't
necessarily subscribed to this list and reading it regularly. Perhaps
I am misinformed here though.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise
Reply to: