[Secure-testing-team] Security Management for Horde packages
Nico Golde
debian-secure-testing+ml at ngolde.de
Thu Feb 7 09:06:03 UTC 2008
Hi Gregory,
* Gregory Colpart <reg at evolix.fr> [2008-02-07 09:14]:
> (Please Cc: me, I'm not subscribed to secure-testing-team@)
> On Wed, Feb 06, 2008 at 09:13:30PM +0100, Nico Golde wrote:
> > Hi Gregory,
> > * Gregory Colpart <reg at evolix.fr> [2008-02-06 16:44]:
[...]
> >
> > Why not just sending a mail to the vendor-sec list?
>
> I didn't know this list. After searching, I don't find "official"
> website... but if I understand, the suggested workflow is :
> 1. upstream sends a mail about a disclosure to vendor-sec list
> 2. Debian security team is subscribed to vendor-sec and receives
> the mail about a disclosure
> 3. Debian security team forwards to maintainer(s)
> 4. Coordination between everybody for security upload(s)
>
> Am I right?
Yes should work like this even if only the stable team is
subscribed and we usually don't get things forwarded so the
best thing would be if you notice the testing-security team
in private too. You can reach the relevant people via
team at testing-security.debian.net
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080207/8b94e310/attachment.pgp
More information about the Secure-testing-team
mailing list