[Secure-testing-team] Security Management for Horde packages
Gregory Colpart
reg at evolix.fr
Thu Feb 7 02:06:37 UTC 2008
(Please Cc: me, I'm not subscribed to secure-testing-team@)
Hi Nico,
On Wed, Feb 06, 2008 at 09:13:30PM +0100, Nico Golde wrote:
> Hi Gregory,
> * Gregory Colpart <reg at evolix.fr> [2008-02-06 16:44]:
> > I recently asked Horde upstream for better coordination with us
> > for security problems. They then created a private mailing
> > list to announce security issues and to coordinate releases with
> > vendors. You can see details on the Horde wiki:
> > http://wiki.horde.org/SecurityManagement
> >
> > I'm now subscribed to this vendor mailing list. Don't hesitate to
> > subscribe if you are interested.
>
> Why not just send a mail to the vendor-sec list?
I didn't know this list. After searching, I didn't find an "official"
website... but if I understand, the suggested workflow is:
1. upstream sends a mail about a disclosure to vendor-sec list
2. Debian security team is subscribed to vendor-sec and receives
the mail about a disclosure
3. Debian security team forwards to maintainer(s)
4. Coordination between everybody for security upload(s)
Am I right?
Regards,
--
Gregory Colpart <reg at evolix.fr> GnuPG:1024D/C1027A0E
Evolix - Informatique et Logiciels Libres http://www.evolix.fr/