On 2018-02-09 at 15:32 +0000, Vsevolod Stakhov via Exim-dev wrote: > It seems that FreeBSD is no longer considered in CVE early disclosure, > isn't it?
There has been no change from Exim's side in how this was communicated. We have an exim-maintainers mailing-list which has vetted people from any interested OS project as members and that list received early notification. I strongly suspect that the OpenWall distros mailing-list received early notification (but am not on that list and haven't asked Heiko; I only saw the public notifications on oss-security later). Our process is documented at: https://github.com/Exim/exim/wiki/SecurityReleaseProcess So: we have a documented process, we have resources for OS folks to use, nothing has changed here. If FreeBSD had missed the notification, then that's unfortunate. I don't think I've done anything special in the past to notify you beyond our documented process. If I did, then that's on me for not documenting it for Heiko (or having any recollection of it now). What would you like us to have done differently? -Phil
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##