On Tue, Aug 16, 2005 at 10:05:28PM +0200, Moritz Muehlenhoff wrote: > Matt Zimmerman wrote: > > On Tue, Aug 16, 2005 at 12:44:35PM +0200, Moritz Muehlenhoff wrote: > > > Rationale: > > > Security team automatically gets all bugs which are tagged security, > > > this ensures this is not missed. > > > > This is not true. If a bug should be brought to the attention of the > > security team, it needs to be sent to [EMAIL PROTECTED] The > > developer's reference contains further information about handling security > > bugs. > > I remember a mailing from someone from the security team/delegate saying that > there's already way to much mail to security@ and they'd read any bug report > tagged security anyway? It was probably on debian-security, but I'm not sure.
I read bugs tagged security, but as far as I am aware, the rest of the security team doesn't. > Security bugs should still be tagged "security", regardless whether it is the > only way of notification. They certainly should, but this is not a means of notification for the security team. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
