Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #4535

Re: Should Debian ask for a CPE when a CVE in Debian is found?

From Vulchev <v.vulchev@gmail.com>
Newsgroups linux.debian.security
Subject Re: Should Debian ask for a CPE when a CVE in Debian is found?
Date 2016-02-15 10:30 +0100
Message-ID <r2nDJ-7od-33@gated-at.bofh.it> (permalink)
References <r1oLw-Wf-23@gated-at.bofh.it> <r1Psm-1ot-11@gated-at.bofh.it> <r2nkl-7he-3@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

unsubrcribe

On Mon, Feb 15, 2016 at 11:02 AM, Holger Levsen <holger@layer-acht.org>
wrote:

> Hi,
>
> On Samstag, 13. Februar 2016, Paul Wise wrote:
> > On Sat, Feb 13, 2016 at 2:51 AM, Wheeler, David A wrote:
> > > Should Debian's security team ask for a Common Platform Enumeration
> (CPE)
> > > id when a related CVE is found/reported fixed?
> >
> > The debian-security list is a general Debian security discussion list
> > rather than a contact point for the Debian security team.
>
> yeah, exactly, that's why I suggested David to discuss this on this list.
>
> > If you wish
> > to contact the Debian security team, please use security@debian.org.
>
> That is not an address suited for public discussion (it aint public and
> there
> is no public archive), so your suggestion aint much helpful here.
>
> Debian usually works in the open, as I understand it security@debian.org
> is
> for telling stuff to the Security team which aint open yet.
>
> If debian-security@lists.debian.org should not be used to discuss security
> topics related to Debian (with and without the security team) this should
> be
> clarified, though I doubt this is the case.
>
>
> Now if only someone could reply to the original question at hand! ;-)
>
>
> cheers,
>         Holger
>
>

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Should Debian ask for a CPE when a CVE in Debian is found? "Wheeler, David A" <dwheeler@ida.org> - 2016-02-12 17:30 +0100
  RE: Should Debian ask for a CPE when a CVE in Debian is found? "Booth, Harold" <harold.booth@nist.gov> - 2016-02-12 19:30 +0100
  Re: Should Debian ask for a CPE when a CVE in Debian is found? Paul Wise <pabs@debian.org> - 2016-02-13 22:00 +0100
    Re: Should Debian ask for a CPE when a CVE in Debian is found? Holger Levsen <holger@layer-acht.org> - 2016-02-15 10:10 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Vulchev <v.vulchev@gmail.com> - 2016-02-15 10:30 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Elmar Stellnberger <estellnb@gmail.com> - 2016-02-15 10:40 +0100
        Re: Should Debian ask for a CPE when a CVE in Debian is found? "georg@riseup.net" <georg@riseup.net> - 2016-02-15 18:40 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Paul Wise <pabs@debian.org> - 2016-02-16 00:50 +0100

csiph-web