Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > linux.debian.security > #4538

Re: Should Debian ask for a CPE when a CVE in Debian is found?

From Paul Wise <pabs@debian.org>
Newsgroups linux.debian.security
Subject Re: Should Debian ask for a CPE when a CVE in Debian is found?
Date 2016-02-16 00:50 +0100
Message-ID <r2B3Y-800-7@gated-at.bofh.it> (permalink)
References <r1oLw-Wf-23@gated-at.bofh.it> <r1Psm-1ot-11@gated-at.bofh.it> <r2nkl-7he-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

On Mon, Feb 15, 2016 at 8:02 PM, Holger Levsen wrote:

> yeah, exactly, that's why I suggested David to discuss this on this list.

Ah, his mail didn't mention that suggestion.

> That is not an address suited for public discussion (it aint public and there
> is no public archive), so your suggestion aint much helpful here.
>
> Debian usually works in the open, as I understand it security@debian.org is
> for telling stuff to the Security team which aint open yet.
>
> If debian-security@lists.debian.org should not be used to discuss security
> topics related to Debian (with and without the security team) this should be
> clarified, though I doubt this is the case.

The reason I suggested contacting the team directly is that the
question seemed to be directed at the team rather than the people on
this list. Also I have the impression that all the team isn't
necessarily subscribed to this list and reading it regularly. Perhaps
I am misinformed here though.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Back to linux.debian.security | Previous | NextPrevious in thread | Find similar

Thread

Should Debian ask for a CPE when a CVE in Debian is found? "Wheeler, David A" <dwheeler@ida.org> - 2016-02-12 17:30 +0100
  RE: Should Debian ask for a CPE when a CVE in Debian is found? "Booth, Harold" <harold.booth@nist.gov> - 2016-02-12 19:30 +0100
  Re: Should Debian ask for a CPE when a CVE in Debian is found? Paul Wise <pabs@debian.org> - 2016-02-13 22:00 +0100
    Re: Should Debian ask for a CPE when a CVE in Debian is found? Holger Levsen <holger@layer-acht.org> - 2016-02-15 10:10 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Vulchev <v.vulchev@gmail.com> - 2016-02-15 10:30 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Elmar Stellnberger <estellnb@gmail.com> - 2016-02-15 10:40 +0100
        Re: Should Debian ask for a CPE when a CVE in Debian is found? "georg@riseup.net" <georg@riseup.net> - 2016-02-15 18:40 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Paul Wise <pabs@debian.org> - 2016-02-16 00:50 +0100

csiph-web