This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Policy for posting security bug reports?


Carlos O'Donell <carlos_odonell@mentor.com> writes:

> Thanks for your feedback. Is this recommendation based on your
> experience in working with CERT?

Yeah.  Not direct experience, but what I've heard from other projects and
some conversations they've reported with the CERT folks.

> One easy point of contact is the newly appointed release manager for the
> branch currently in development. That person could then pull in the
> appropriate people.

Yeah, that would work.  You do want that person to have a published GnuPG
key so that people can send encrypted mail, though.  I don't know how
universal that is these days.  (I do a lot with Debian, so I'm spoiled in
being about to assume that everyone has a GnuPG key.)

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]