On 2018-02-09 at 15:32 +0000, Vsevolod Stakhov via Exim-dev wrote:
> It seems that FreeBSD is no longer considered in CVE early disclosure,
> isn't it?

There has been no change from Exim's side in how this was communicated.
We have an exim-maintainers mailing-list which has vetted people from
any interested OS project as members and that list received early
notification.  I strongly suspect that the OpenWall distros mailing-list
received early notification (but am not on that list and haven't asked
Heiko; I only saw the public notifications on oss-security later).

Our process is documented at:

So: we have a documented process, we have resources for OS folks to use,
nothing has changed here.  If FreeBSD had missed the notification, then
that's unfortunate.  I don't think I've done anything special in the
past to notify you beyond our documented process.  If I did, then that's
on me for not documenting it for Heiko (or having any recollection of it

What would you like us to have done differently?

Attachment: signature.asc
Description: Digital signature

## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim 
details at http://www.exim.org/ ##

Reply via email to