On Sun, 9 Aug 2009 19:02:49 +0200 Nico Golde wrote: > Hi, > * Michael S. Gilbert <[email protected]> [2009-08-09 18:42]: > > On Sun, 9 Aug 2009 13:56:23 +0000 Nico Golde wrote: > > > > > Author: nion > > > Date: 2009-08-09 13:56:23 +0000 (Sun, 09 Aug 2009) > > > New Revision: 12531 > > > > > > Modified: > > > data/CVE/list > > > Log: > > > add todos for new items, please do that as well next time > > > > > > Modified: data/CVE/list > > > =================================================================== > > > --- data/CVE/list 2009-08-09 13:55:11 UTC (rev 12530) > > > +++ data/CVE/list 2009-08-09 13:56:23 UTC (rev 12531) > > > @@ -4,11 +4,13 @@ > > > - rubygems <not-affected> > > > NOTE: debian's version installs gems packages to /var/lib/gems, > > > NOTE: so no opportunity to overwrite system files > > > + TODO: request CVE id > > > > ok, is a mail to oss-sec like yours sufficient? also, i thought there > > were going to be some workflow changes where the security team could > > autonomously assign a CVE from a pool allocated to debian. are there > > any formal plans for that? or would that only be done along with a DSA? > > Sorry misunderstanding, I was just referring to the TODO > entries. Just add those TODOs in the future and you'll be > fine. Just want to make sure nothing is missing later.
ok, can and should i go ahead and send the mail to oss-sec also? or are only select people in debian supposed to do that? mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
