Hi,
On Wed, Nov 29, 2017 at 08:26:52PM +0100, Guido Günther wrote:
> Hi,
> On Wed, Aug 09, 2017 at 07:11:16AM -0400, Roberto C. Sánchez wrote:
> > Hi Guido & LTS/Security folks,
> >
> > Thanks very much for publishing this summary. Since I was not able to
> > participate in person I would like ad
Hi,
On Wed, Aug 09, 2017 at 07:11:16AM -0400, Roberto C. Sánchez wrote:
> Hi Guido & LTS/Security folks,
>
> Thanks very much for publishing this summary. Since I was not able to
> participate in person I would like add a few thoughts. See my comments
> below inline.
>
> On Wed, Aug 09, 2017 at
Hi,
On Wed, Aug 09, 2017 at 03:05:31PM +0200, Sébastien Delafond wrote:
> On Aug/09, Markus Koschany wrote:
> > I intend to submit a patch for reportbug to implement the first part
> > of this idea. It basically asks an additional question before the
> > question about bccing multiple e-mail addres
On 2017-08-09 00:17:36, Guido Günther wrote:
> * A staging repository on security-master (similar to proposed-updates
> for stable releases) would be great since it would do away with
> copying to people.d.o, etc.
> It would allow people with CI to test packages before they hit
> production
Hi Seb,
> > […]It basically asks an additional question before the
> > question about bccing multiple e-mail addresses
[…]
> I believe this would be useful, yes, as opposed to having to proactively
> look for such regressions.
Indeed, I'd like to see this backported.
The other thing
On Aug/09, Markus Koschany wrote:
> I intend to submit a patch for reportbug to implement the first part
> of this idea. It basically asks an additional question before the
> question about bccing multiple e-mail addresses but only if the
> reported regression is against a package with a version nu
On 08/08/17 23:17, Guido Günther wrote:
[...]
* We should try to track regressions to security updates more automatically
Alternatively
- the stable report-bug could offer to cc: the lts team on
issues if filed against the corresponding release and version
is a security upd
On Wed, Aug 09, 2017 at 07:11:16AM -0400, Roberto C. Sánchez wrote:
> > * license of CVE text is unclear -> Moritz rewrites from scratch
> > - generic description of the issue instead of details of functions
> >
> Is it still OK to use verbatim text from a DSA in a DLA? It seems like
> that sho
On Aug/09, Roberto C. Sánchez wrote:
> Is it still OK to use verbatim text from a DSA in a DLA? It seems
> like that should be OK, and it is something I do sometimes, as the
> DSAs are frequently published first and I feel like sharing the same
> summary text regarding a particular vulnerability k
Hi Guido & LTS/Security folks,
Thanks very much for publishing this summary. Since I was not able to
participate in person I would like add a few thoughts. See my comments
below inline.
On Wed, Aug 09, 2017 at 12:17:36AM -0300, Guido Günther wrote:
>
> * BTS is the canonical place for communic
10 matches
Mail list logo
