On Sun, 19 Apr 2009 17:05:14 -0400 Michael S. Gilbert wrote: > hence, i think the following would be a good process for ubuntu > security triagers: > > 1. triage issue in ubuntu > 2. check status of CVE in debian (debsecan could be used for this) > 3. submit bug report to launchpad (with link to debian bug report if > it already exists) > 4. update ubuntu security tracker > 5. if no existing debian report, submit bug to bugs.debian.org (note > that bin/report-vuln in secure-testing svn makes this semi-automated), > and preferably include a link to the launchpad report so the debian > maintainer can make use of your existing work > 6. wait for email from the debian bts with bug # and update > data/CVE/list with this info
dear ubuntu security team, have you had time to contemplate the above triage process (and/or improvements to it)? it would be very helpful to the debian security team (and in fact to the overall security of both debian and ubuntu) if you are able to commit to a closer working relationship. best regards, mike -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
