Matt Zimmerman wrote:
> On Tue, Aug 16, 2005 at 12:44:35PM +0200, Moritz Muehlenhoff wrote:
> > Rationale:
> > Security team automatically gets all bugs which are tagged security,
> > this ensures this is not missed.
>
> This is not true. If a bug should be brought to the attention of the
> security team, it needs to be sent to [EMAIL PROTECTED] The
> developer's reference contains further information about handling security
> bugs.
I remember a mailing from someone from the security team/delegate saying that
there's already way to much mail to security@ and they'd read any bug report
tagged security anyway? It was probably on debian-security, but I'm not sure.
Security bugs should still be tagged "security", regardless whether it is the
only way of notification.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
