-----Original Message----- From: Matt Zimmerman [mailto:[EMAIL PROTECTED] On Behalf Of Matt Zimmerman Sent: Saturday, June 05, 2004 12:23 PM To: debian-security@lists.debian.org Subject: Re: [EMAIL PROTECTED]
On Thu, Jun 03, 2004 at 02:42:59AM +0200, Florian Weimer wrote: > Has [EMAIL PROTECTED] been directed away from debian-private? It's > probably a good move. In the past, the old setup resulted in some > confusion because submitters usually do not expect that security@ is read > by all people in the organization. 8-) Yes, see Steve's reply. This was done for exactly that reason. > Does this mean that security vulnerabilities are no longer to be discussed > on debian-private (which seems to have happened accidentally in the past)? I don't see any reason why it should be forbidden; if it is important for some reason that a large number of Debian developers be informed about a vulnerability, then that could happen via debian-private. In general, though, discussions about vulnerabilities take place between the package maintainer, upstream and the security team. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]