u wrote (12 Jan 2016 16:04:47 GMT) : > Also, we should investigate how to better keep track of MFSAs and other > security announcements (even prior to them being posted on > debian-security). Some of us read FD or debian-security I think, but > maybe we can track this in a more efficient manner?
I loosely follow oss-security and commits to Debian's secure-testing repo. I've rarely seen advance notice of security issues/fixes in Mozilla software via these channels. So, tracking MFSAs seems to be the best we can do with only public information. AFAIK nobody from Tails is on the "private" list where Linux distros discuss embargoed security issues. Wrt. Firefox, so far we've received heads up in advance from the Tor Browser team. I guess similar ties with upstream Thunderbird could be built and result in similar heads up. Cheers! -- intrigeri _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
