Re: Should Debian ask for a CPE when a CVE in Debian is found?
On Mon, Feb 15, 2016 at 8:02 PM, Holger Levsen wrote:
> yeah, exactly, that's why I suggested David to discuss this on this list.
Ah, his mail didn't mention that suggestion.
> That is not an address suited for public discussion (it aint public and there
> is no public archive), so your suggestion aint much helpful here.
>
> Debian usually works in the open, as I understand it security@debian.org is
> for telling stuff to the Security team which aint open yet.
>
> If debian-security@lists.debian.org should not be used to discuss security
> topics related to Debian (with and without the security team) this should be
> clarified, though I doubt this is the case.
The reason I suggested contacting the team directly is that the
question seemed to be directed at the team rather than the people on
this list. Also I have the impression that all the team isn't
necessarily subscribed to this list and reading it regularly. Perhaps
I am misinformed here though.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: