Re: security upload imposing load on other parts of Debian

2020-05-25 Thread Sylvain Beucler
Hi Salvatore, On 24/05/2020 16:48, Salvatore Bonaccorso wrote: > On Wed, May 20, 2020 at 12:34:13PM +, Holger Levsen wrote: > Yes sure (fixing my obvious English grammar issues and typos). We have > a very "high level" view on this in [1], but it might make sense to > add some verb

Re: security upload imposing load on other parts of Debian

2020-05-24 Thread Salvatore Bonaccorso
Hi Holger, On Wed, May 20, 2020 at 12:34:13PM +, Holger Levsen wrote: > Hi, > > (the long block of text is from Salvatore and should probably > still go to https://security-team.debian.org/security_tracker.html) > > On Tue, Mar 03, 2020 at 08:45:36AM +0100, Ola Lundqvist wrote: > > > On 02/03

Re: security upload imposing load on other parts of Debian

2020-05-20 Thread Holger Levsen
Hi, (the long block of text is from Salvatore and should probably still go to https://security-team.debian.org/security_tracker.html) On Tue, Mar 03, 2020 at 08:45:36AM +0100, Ola Lundqvist wrote: > > On 02/03/2020 06:53, Salvatore Bonaccorso wrote: > > > On Mon, Mar 02, 2020 at 01:57:05AM -,

Re: security upload imposing load on other parts of Debian

2020-03-02 Thread Ola Lundqvist
Hi We have this fairly well described here: https://security-team.debian.org/security_tracker.html Should that page be updated in some way? // Ola On Mon, 2 Mar 2020 at 11:11, Sylvain Beucler wrote: > Hi, > > On 02/03/2020 06:53, Salvatore Bonaccorso wrote: > > On Mon, Mar 02, 2020 at 01:57:0

Re: security upload imposing load on other parts of Debian

2020-03-02 Thread Sylvain Beucler
Hi, On 02/03/2020 06:53, Salvatore Bonaccorso wrote: > On Mon, Mar 02, 2020 at 01:57:05AM -, Chris Lamb wrote: >>> Internally they are all no-dsa states for the tracker. But think of it >>> of three "flavours" of no-dsa. >>> >>> For instance for postponed, we think that an update is worth of a

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Salvatore Bonaccorso
Hi Chris, On Mon, Mar 02, 2020 at 01:57:05AM -, Chris Lamb wrote: > Hi Salvatore, > > > Internally they are all no-dsa states for the tracker. But think of it > > of three "flavours" of no-dsa. > > > > For instance for postponed, we think that an update is worth of a DSA, > > but it makes no

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Chris Lamb
Hi Salvatore, > Internally they are all no-dsa states for the tracker. But think of it > of three "flavours" of no-dsa. > > For instance for postponed, we think that an update is worth of a DSA, > but it makes no sense to just release a DSA for it and the issue > should be tried to be included in

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Salvatore Bonaccorso
Hi [I'm subscribed and following, but if anything needs an immediate reply please do CC me, if something needs a reply from a security team member please cc the security team always] On Sun, Mar 01, 2020 at 08:14:41AM -0500, Roberto C. Sánchez wrote: > On Sun, Mar 01, 2020 at 01:57:21PM +0100, Tho

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Roberto C . Sánchez
On Sun, Mar 01, 2020 at 01:57:21PM +0100, Thorsten Alteholz wrote: > > > On Sun, 1 Mar 2020, Roberto C. Sánchez wrote: > >The rationale behind the no-dsa decision for stretch/buster > > is unknown to me. > > Even upstream said in the announcement [1] (linked from the security > tracke

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Thorsten Alteholz
On Sun, 1 Mar 2020, Roberto C. Sánchez wrote: The rationale behind the no-dsa decision for stretch/buster is unknown to me. Even upstream said in the announcement [1] (linked from the security tracker) that it is only a minor vulnerability. As far as the other CVEs, it is my pra

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Roberto C . Sánchez
On Sun, Mar 01, 2020 at 01:27:03PM +0100, Thorsten Alteholz wrote: > > > On Sun, 1 Mar 2020, Emilio Pozuelo Monfort wrote: > > I think we can all agree that the problem here is that there was an > > unexpected > > issue (a security upload getting rejected) that required sort of immediate > > wo

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Thorsten Alteholz
On Sun, 1 Mar 2020, Emilio Pozuelo Monfort wrote: I think we can all agree that the problem here is that there was an unexpected issue (a security upload getting rejected) that required sort of immediate work from a third party (an ftp-master). I would like to add here, that the CVE in quest

Re: security upload imposing load on other parts of Debian

2020-03-01 Thread Emilio Pozuelo Monfort
Hi all, I think we can all agree that the problem here is that there was an unexpected issue (a security upload getting rejected) that required sort of immediate work from a third party (an ftp-master). I don't think we should make a big deal of this, as this can happen with any other two teams in

Re: security upload imposing load on other parts of Debian

2020-02-29 Thread Holger Levsen
Hi Sylvain, On Thu, Feb 27, 2020 at 12:28:49PM +0100, Sylvain Beucler wrote: > This thread sounds weirdly formulated to me. this might very well be the case and this is exactly why I started it, to improve. > We have an official Debian project (LTS, not eLTS), which is well > integrated in Debi

Re: security upload imposing load on other parts of Debian

2020-02-27 Thread Sylvain Beucler
Hi, On 27/02/2020 02:57, Chris Lamb wrote: >> I'm also vaguely pondering to do a survey among the Debian developers / >> teams. >> Given LTS is now 6 years old I think this could be useful. > I think the usefulness of this would very much depend on the > specificity of the questions we ask. > >