Hi,
* Michael S. Gilbert <[email protected]> [2009-05-21 10:23]:
> On Wed, 20 May 2009 18:43:15 +0200, Thijs Kinkhorst wrote:
[...] 
> > Taking the 'no-dsa' issue: either there's going to be a DSA, or there's not
> > going to be a DSA. That fact can be debated just fine on our mailing lists
> > or in a relevant bug. Those means provide much better overviews and space for
> > who thinks what, to respond to arguments etc. In the end there has to be a
> > conclusion, we do either this or that. That conclusion/decision will be
> > documented in the tracker.
> 
> ok, i agree with this philosophy in intent.  however, in practice i
> see some problems:
> 
> 1. if discussion happens in the relevant bug, then the security team
> will not automatically be made aware of that discussion (solution
> would be to forward all discussion on bugs marked security to
> secure-testing-team list).

I see no problem with that in practice, the security team 
gets Cced on all security bugs and it's our job to keep 
track of the important ones then and follow the bug reports. 
Besides that there are people like me following 
debian-bugs-dist.

> 2. if discussion happens on the security mailing list, the maintainer
> will not be aware, and there is no link to the discussion from the
> tracker for posterity.

Also rather a workflow problem than a technical one. If 
people forget to Cc the relevant people, change that.

> > > note that 
> > > dissenting opinions in US Supreme Court decisions are just as important
> > 
> > I cannot envision any security issue that would be comparable to a supreme
> > court case, nor can I even begin to think that we are operating even
> > remotely like a "supreme court".
> 
> just making a light-hearted analogy of the importance of giving everyone
> a voice and the importance of recording that voice for future posterity
> (specifically for anyone who does research using the tracker).

You have a voice ;)

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


_______________________________________________
Secure-testing-team mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
