[Secure-testing-team] Re: [Secure-testing-commits] t-s bits from
DebConf5
Matt Zimmerman
mdz at debian.org
Mon Jul 25 23:20:15 UTC 2005
On Sat, Jul 23, 2005 at 01:54:11AM +0200, Moritz Muehlenhoff wrote:
> On Tue, Jul 19, 2005 at 10:39:33AM -0400, Joey Hess wrote:
> > - Ubuntu's security guy, Martin Pitt, was also there, and we also
> > discussed ways to work with Ubuntu. He does more or less the same
> > kind of work we do for tracking vulnerabilities, although he tries to
> > automate the tracking of closed vulns via grepping changelogs with
> > his script, as has been discussed here before. No firm conclusions
> > were reached, and some kind of cooperation should be followed up on.
>
> This works for Ubuntu, as all USN and their relative changelog entries
> are issued by a single person, but might trigger to many false positives
> for sid with it's plethora of maintainers. I'd recommend to leave this
> with manual tracking.
This is actually used most often to see whether the Debian maintainer
already noted the fix, right Martin?
> > Not sure if Steven's email address is publicly
> > available
>
> Steven M. Christey <coley at linus.mitre.org> ?
That's him.
--
- mdz
More information about the Secure-testing-team
mailing list