Paul Wise <p...@debian.org> writes: > Perhaps we could encourage those submitting security bugs to > X-Debbugs-CC the oss-sec list?
I don't think the list would really appreciate that. Most of the CVE requests it currently gets have been vetted by either a developer of the software or by the security team of a distribution, and right now the signal-to-noise ratio is very high. I think we want to at least peer-review the bug before we send it to oss-sec to make sure that we have good-quality requests. We also don't want to do something that would cause the whole bug discussion to get copied to the list. The list maintainers aren't particularly happy when that happens and the discussion drifts away from the specific security issue. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87ob1kdt2s....@windlord.stanford.edu