On Fri, 29 Jan 2016 20:39:52 +0100, Moritz Mühlenhoff <[email protected]>
wrote:
On Fri, Jan 15, 2016 at 04:09:58PM +0100, Norvald H. Ryeng wrote:
so I'll need the complete list of
requirements first. The Debian MySQL team has asked for a list, in
writing, several times now, but that list has not been produced.
Here's what it essentially boils down to:
- Public, non-discriminatory access, we don't sign NDAs
- Public mapping between CVE IDs and patches (or commit IDs to a public
VCS)
- If the patches don't have meaningful commits messages on the nature of
the
change, provide a contact who is willing to answer questions for
backports
or impact
Thanks, Moritz!
Are these the final security team guidelines, or should we expect
something more later on?
Regards,
Norvald H. Ryeng
