[Secure-testing-team] [pkg-horde] Security Management for Horde packages
Nico Golde
debian-secure-testing+ml at ngolde.de
Thu Feb 7 21:21:27 UTC 2008
Hi Gregory,
* Gregory Colpart <reg at evolix.fr> [2008-02-07 22:00]:
> On Thu, Feb 07, 2008 at 07:57:56PM +0100, Nico Golde wrote:
> > > > Why not just sending a mail to the vendor-sec list?
> > >
> > > Because Gregory and Ola are not on that mailing list, and can't be,
> >
> > You can still be put in the CC though....
> >
> > > because not member of the Debian security teams? And having the
> > > maintainers in the loop is a Good Thing (tm)?
> >
> > Writing to vendor-sec should be the correct solution at
> > least that's what vendor-sec is exactly for, the vendors
> > will get the problem, discuss patches and fix with
> > upstream developers and other vendors...
>
> I request that vendor-sec list will be subscribe to Horde vendor
> list. Then Debian stable security team will have the informations
> via vendor-sec and Debian maintainers also via horde-vendor.
Not sure if you can subscribe this list to horde-vendor but
sounds like a good idea worth a try.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20080207/9290fb9a/attachment.pgp
More information about the Secure-testing-team
mailing list