Hi,
So if you want to help with CVE triaging, you're welcome!
How can I join this work as well. I already member of Alioth project. Is there anything else I have to do like register or something like that?
Thanks and best regards Cong On 24/02/2015 18:07, Raphael Hertzog wrote:
Hello, one part of the process was not yet very well documented, it's the part about CVE triaging. I just fixed this by adding a new section tohttps://wiki.debian.org/LTS/Development (and at the same time I did some other cleanups/improvements). So if you want to help with CVE triaging, you're welcome! https://wiki.debian.org/LTS/Development#Triage_new_security_issues If some parts are unclear for you, please ask questions and I'll try to improve the explanations. I do have a question for the audience however: the new policy recommends to send a mail to the maintainers even when we tag some issues as no-dsa. But the security team is tagging some issues as no-dsa for us, shall we ask them to stop this so that we don't miss new issues tagged that way? Or can we ignore this assuming that tracker.debian.org will soon display warnings on packages that have open security issues in some Debian releases ? (cfhttp://bugs.debian.org/761859 andhttp://bugs.debian.org/761730) Cheers,
-- ===================================================================== Nguyen The Cong (Mr) Software Engineer Toshiba Software Development (Vietnam) Co.,Ltd 519 Kim Ma street, Ba Dinh District, Hanoi, Vietnam tel: +84-4-2220 8801 (Ext. 208) e-mail:[email protected] ===================================================================== -- This mail was scanned by BitDefender For more information please visit http://www.bitdefender.com -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
