* Adrian von Bidder: > I think Jeroen is thinking about security problems the security team > already knows about but has not yet had time to handle (and which have > already been made public somewhere else.) Stupid if somebody has to > search the sources *again* if the security team already has the > information.
Actually, it's rather time-consuming to determine if a security vulnerability has been published. You have to discover the publication, and then you have to decide whether it's actually the same issue and if it's been disclosed completely. Filing bug reports about public issues is something any DD or user can do. I don't think this should be added to the duties of the security team. I'd appreciate if they commented on new security bugs that are tagged woody, though. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]