On Wed, 06 Jul 2016, Salvatore Bonaccorso wrote: > On Tue, May 24, 2016 at 06:54:00AM +0200, Salvatore Bonaccorso wrote: > > Hi, > > > > On Mon, May 23, 2016 at 10:49:54PM +0200, Moritz Mühlenhoff wrote: > > > Hi, > > > adding [email protected] to CC and quoting in full below to > > > solicit further comments. > > > > > > I think Drake's proposal makes perfect sense, the current behaviour is > > > mostly historic, it > > > was around before I joined the security team ten years ago. > > > > > > And maybe let's add something like: > > > "If you want to contact the security in private, please write to > > > [email protected], > > > if you want to discuss this on a public mailing list write to > > > [email protected]." > > > > Just a "agree" from my side. It probably would make sense to not send > > replies to [email protected] but instead have it sent to another > > mail which autoreplies with a set of indications what can be done and > > expand it with the above two lines. IIRC if someone tries to post to > > d-s-a manually, it get's already such an autoreply, just needs to say > > as well the further two contact lines. > > is there any furhter information needed from the security team for > this, or any other blocker?
The choices without significant extra engineering are to have Reply-To: messages to go [email protected], not to set a Reply-To: or to have Reply-To set to [email protected] I'm OK with whatever y'all decide. I'd prefer not to generate a special auto-responder, unless it was some sort of generic [email protected] which pointed people at https://www.debian.org/MailingLists/ -- Don Armstrong https://www.donarmstrong.com Any excuse will serve a tyrant. -- Aesop
