On Tue, Nov 13, 2001 at 03:42:31PM +0100, Wichert Akkerman wrote:
> I'm not aware there is a specific maintainer. I wrote the initial FAQ
> and had some items added later. A few others also did that from what
> I see, but afaik there is no single maintainer and I don't see why
> there needs to be one.
I was talking about the Debian Security Manual, see my last post
(bashing myself :)
I've just commited to CVS a new version including some other FAQs:
Q: I have suffered a break-in what do I do?
A: Read this document and take the appropiate measures outlined here.
If you need assistance you might use the debian-security@lists.debian.org
to ask for advice on how to recover/patch your system.
Q: Program X in Debian is vulnerable, what do I do?
A: Take a moment, first, to see if the vulnerability has been announced
in public security mailing lists (like Bugtraq) or other forums, the
Debian Security Team keeps up to date with this lists, so they might already
be aware of the problem. Do not take any further actions if you see an
announcement already at <url id="http://security.debian.org";>.
If you do not see any of this, please send mail on the affected packages
as well as a description of the vulnerability as detailed as possible
(proof of concept code is also ok) to [EMAIL PROTECTED] which will get
you in touch with the security team.
Javi
