[I got this mail via cc; I don't see the original in the mail archives, which means it probably got eaten by the spam trap for too many raw email addresses or other heuristics. I don't maintain cygwin.com, so I'm only commenting as a side observer here...]
On 01/07/2016 02:59 PM, Stefan Kanthak wrote: >> If this was your original off-list post, you just violated your own >> policy since you included cygwin AT cygwin.com which is a public list >> on the ping, and thereby made the issue public, without waiting 45 days. > > Simply wrong! > Cygwin doesn't name a security mailbox on > <https://cygwin.com/problems.html>, <https://cygwin.com/lists.html> > states > > | cygwin: In general, you should send questions and bug reports here. > > (which I did), and all of <secur...@cygwin.com>, <secur...@cygwin.org> > and <secur...@sourceware.org> bounce: see > <http://www.ietf.org/rfc/rfc2142.txt> regarding this well-known role > account (unfortunately RfC-ignorant.org closed). Okay, maybe we should consider creating a closed-subscription non-public-archives secur...@cygwin.com mailing list (however, cygwin.org and sourceware.org are not the right domains). Or at least update the web page to mention secal...@redhat.com as a reasonable alternative closed list to contact with potential Cygwin security flaws. I'll leave that up to others with actual admin rights on the cygwin.com box, though. > Next time: THINK BEFORE YOU POST! Shouting at people is not the friendliest way to resolve security or other issues. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
