On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams <[email protected]> wrote: > On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote: >> sure whether it's relevant to Debian. People at Security Team are not >> only responsible for fixing things when it breaks out, but also make >> sure sensitive information is being disclosed in a correct form at a >> correct time. In the end, I believe talking with them beforehand is >> always a right way to do, no matter if Debian is affected by this >> particular issue. > > Coordinated disclosure is irresponsible, and we shouldn't do it. >
Then it's better to start the discussion at [email protected] or at least start a new thread, :) Currently our Security Team is tend to coordinate disclosures, I think (but I'm not a team member, of course). -- Regards, Aron Xu -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/CAMr=8w5royoyascd1wppvjma3mwk10jquopn5dkxggse2y0...@mail.gmail.com
