On Tue, Jun 12, 2012 at 2:39 AM, Clint Adams <cl...@debian.org> wrote: > On Tue, Jun 12, 2012 at 02:23:47AM +0800, Aron Xu wrote: >> sure whether it's relevant to Debian. People at Security Team are not >> only responsible for fixing things when it breaks out, but also make >> sure sensitive information is being disclosed in a correct form at a >> correct time. In the end, I believe talking with them beforehand is >> always a right way to do, no matter if Debian is affected by this >> particular issue. > > Coordinated disclosure is irresponsible, and we shouldn't do it. >
Then it's better to start the discussion at debian-security@l.d.o or at least start a new thread, :) Currently our Security Team is tend to coordinate disclosures, I think (but I'm not a team member, of course). -- Regards, Aron Xu -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAMr=8w5royoyascd1wppvjma3mwk10jquopn5dkxggse2y0...@mail.gmail.com