[Secure-testing-team] [webkit-security] need help triaging deluge of webkit-related security issues

Aaron Sigel asigel at apple.com
Mon Aug 31 16:42:55 UTC 2009


Okay -- they should feel free to request access if they so desire it.
One email request should do.

On Aug 30, 2009, at 7:43 PM, Michael S Gilbert wrote:

> On Fri, 21 Aug 2009 14:44:45 -0700 Aaron Sigel wrote:
>> I'd like to nominate debian to join the webkit-security list, but I'd
>> also like it if the addresses / people I nominated were @debian.org.
>>
>> Who should I nominate?  Names + email address would be appreciated.
>>
>> Aaron
>>
>> On Aug 9, 2009, at 10:00 PM, Michael S Gilbert wrote:
>>
>>> hello,
>>>
>>> i sent the following mail a few weeks ago, and have not heard anything
>>> yet.  security of your downstream vendors is of utmost importance for
>>> webkit to gain traction as a trustable browser engine.
>>>
>>> if downstreams are not going to be able to get sufficient access to
>>> security information, users will start to notice and will stick with
>>> more trustable products that have "mature" security practices, like
>>> mozilla.
>>>
>>> is there any way that you could provide this info to debian?  you
>>> don't even have to go through me.  you can contact their private list
>>> if you so desire: team at security.debian.org; although that should not
>>> be necessary since all of these issues are already public.
>>>
>>> mike
>>>
>>> On Sun, Jul 19, 2009 at 8:42 PM, Michael S Gilbert wrote:
>>>> hello,
>>>>
>>>> the debian project (and likely other webkit downstreams) are in desperate
>>>> need of assistance triaging the deluge of 30+ webkit security bugs that
>>>> came through apple recently [1].  the problem, of course, is that the
>>>> apple announcements are effectively useless since there is no
>>>> information about patches and bug reports for the problems.  hence, it
>>>> makes it very difficult to determine which webkit versions are affected;
>>>> and also to find the patches needed to address the problems.
>>>>
>>>> if you can help me track down the patches/bug reports, that would be
>>>> great.  thank you for any assistance you can provide.
>
> i haven't seen anyone respond to this for a couple weeks, so i'll chime
> in to get the ball rolling.  Florian Weimer (fw at debian dot org),
> Nico Golde (nion at debian dot org), Thijs Kinkhorst (thijs at
> debian dot org), and Moritz Muehlenhoff (jmm at debian dot org) are the
> big names in debian security. Florian, in particular, deals with most of
> the vendor-sec issues. hopefully one or more of them would be
> interested in participating on the webkit security team/list.
>
> mike



