Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Moritz Mühlenhoff
On Wed, Aug 09, 2017 at 07:11:16AM -0400, Roberto C. Sánchez wrote: > > * license of CVE text is unclear -> Moritz rewrites from scratch > > - generic description of the issue instead of details of functions > > > Is it still OK to use verbatim text from a DSA in a DLA? It seems like > that

Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Roberto C. Sánchez
Hi Guido & LTS/Security folks, Thanks very much for publishing this summary. Since I was not able to participate in person I would like to add a few thoughts. See my comments below inline. On Wed, Aug 09, 2017 at 12:17:36AM -0300, Guido Günther wrote: > > * BTS is the canonical place for

Wheezy update of giflib?

2017-08-09 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of giflib: https://security-tracker.debian.org/tracker/source-package/giflib Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of cacti?

2017-08-09 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of cacti: https://security-tracker.debian.org/tracker/source-package/cacti Would you like to take care of this yourself? If yes, please follow the workflow we have

Wheezy update of curl?

2017-08-09 Thread Chris Lamb
Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Wheezy version of curl: https://security-tracker.debian.org/tracker/source-package/curl Would you like to take care of this yourself? If yes, please follow the workflow we have defined

Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Guido Günther
Hi, On Wed, Aug 09, 2017 at 03:05:31PM +0200, Sébastien Delafond wrote: > On Aug/09, Markus Koschany wrote: > > I intend to submit a patch for reportbug to implement the first part > > of this idea. It basically asks an additional question before the > > question about bccing multiple e-mail

Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Markus Koschany
On 08/08/17 23:17, Guido Günther wrote: [...] * We should try to track regressions to security updates more automatically Alternatively - the stable report-bug could offer to cc: the lts team on issues if filed against the corresponding release and version is a security

Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Chris Lamb
Hi Seb, > > […]It basically asks an additional question before the > > question about bccing multiple e-mail addresses […] > I believe this would be useful, yes, as opposed to having to proactively > look for such regressions. Indeed, I'd like to see this backported. The other thing

Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Antoine Beaupré
On 2017-08-09 00:17:36, Guido Günther wrote: > * A staging repository on security-master (similar to proposed-updates > for stable releases) would be great since it would do away with > copying to people.d.o, etc. > It would allow people with CI to test packages before they hit >

Re: Debconf 2017 LTS BoF Summary

2017-08-09 Thread Sébastien Delafond
On Aug/09, Markus Koschany wrote: > I intend to submit a patch for reportbug to implement the first part > of this idea. It basically asks an additional question before the > question about bccing multiple e-mail addresses but only if the > reported regression is against a package with a version