Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.security > #4534

Re: Should Debian ask for a CPE when a CVE in Debian is found?

From Holger Levsen <holger@layer-acht.org>
Newsgroups linux.debian.security
Subject Re: Should Debian ask for a CPE when a CVE in Debian is found?
Date 2016-02-15 10:10 +0100
Message-ID <r2nkl-7he-3@gated-at.bofh.it> (permalink)
References <r1oLw-Wf-23@gated-at.bofh.it> <r1Psm-1ot-11@gated-at.bofh.it>
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Hi,

On Samstag, 13. Februar 2016, Paul Wise wrote:
> On Sat, Feb 13, 2016 at 2:51 AM, Wheeler, David A wrote:
> > Should Debian's security team ask for a Common Platform Enumeration (CPE)
> > id when a related CVE is found/reported fixed?
> 
> The debian-security list is a general Debian security discussion list
> rather than a contact point for the Debian security team.

yeah, exactly, that's why I suggested David to discuss this on this list. 

> If you wish
> to contact the Debian security team, please use security@debian.org.

That is not an address suited for public discussion (it aint public and there 
is no public archive), so your suggestion aint much helpful here.

Debian usually works in the open, as I understand it security@debian.org is 
for telling stuff to the Security team which aint open yet.

If debian-security@lists.debian.org should not be used to discuss security 
topics related to Debian (with and without the security team) this should be 
clarified, though I doubt this is the case.


Now if only someone could reply to the original question at hand! ;-)


cheers,
	Holger

Back to linux.debian.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Should Debian ask for a CPE when a CVE in Debian is found? "Wheeler, David A" <dwheeler@ida.org> - 2016-02-12 17:30 +0100
  RE: Should Debian ask for a CPE when a CVE in Debian is found? "Booth, Harold" <harold.booth@nist.gov> - 2016-02-12 19:30 +0100
  Re: Should Debian ask for a CPE when a CVE in Debian is found? Paul Wise <pabs@debian.org> - 2016-02-13 22:00 +0100
    Re: Should Debian ask for a CPE when a CVE in Debian is found? Holger Levsen <holger@layer-acht.org> - 2016-02-15 10:10 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Vulchev <v.vulchev@gmail.com> - 2016-02-15 10:30 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Elmar Stellnberger <estellnb@gmail.com> - 2016-02-15 10:40 +0100
        Re: Should Debian ask for a CPE when a CVE in Debian is found? "georg@riseup.net" <georg@riseup.net> - 2016-02-15 18:40 +0100
      Re: Should Debian ask for a CPE when a CVE in Debian is found? Paul Wise <pabs@debian.org> - 2016-02-16 00:50 +0100

csiph-web