[Secure-testing-team] Security Management for Horde packages
Nico Golde
debian-secure-testing+ml at ngolde.de
Thu Feb 7 18:57:56 UTC 2008
Hi Lionel,
* Lionel Elie Mamane <lionel at mamane.lu> [2008-02-07 19:52]:
> On Wed, Feb 06, 2008 at 09:13:30PM +0100, Nico Golde wrote:
> > * Gregory Colpart <reg at evolix.fr> [2008-02-06 16:44]:
>
> >> I asked recently to Horde upstreams a better coordination with us
> >> for security problems. Then they create a private mailing
> >> list to announce security issues and to coordinate releases with
> >> vendors.
>
> >> I'm now subscribed to this vendor mailing list. Don't hesitate to
> >> subscribe if you are interested.
>
> > Why not just sending a mail to the vendor-sec list?
>
> Because Gregory and Ola are not on that mailing list, and can't be,
You can still be put in the CC though....
> because not member of the Debian security teams? And having the
> maintainers in the loop is a Good Thing (tm)?
Writing to vendor-sec should be the correct solution at
least that's what vendor-sec is exactly for, the vendors
will get the problem, discuss patches and fix with
upstream developers and other vendors...
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080207/bd4f521d/attachment.pgp
More information about the Secure-testing-team
mailing list