This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Policy for posting security bug reports?

From: Carlos O'Donell <carlos_odonell at mentor dot com>
To: Mike Frysinger <vapier at gentoo dot org>
Cc: <libc-alpha at sourceware dot org>, Carlos O'Donell <carlos_odonell at mentor dot com>,Russ Allbery <rra at stanford dot edu>, Rich Felker <dalias at aerifal dot cx>, Jeff Law<law at redhat dot com>, Paul Eggert <eggert at cs dot ucla dot edu>
Date: Wed, 27 Jun 2012 23:42:02 -0400
Subject: Re: Policy for posting security bug reports?
References: <20120623010836.GA2651@brightrain.aerifal.cx> <87zk7rb1io.fsf@windlord.stanford.edu> <4FE8C52E.6050005@mentor.com> <201206272223.47483.vapier@gentoo.org>

On 6/27/2012 10:23 PM, Mike Frysinger wrote:
> On Monday 25 June 2012 16:08:14 Carlos O'Donell wrote:
>> On 6/25/2012 4:05 PM, Russ Allbery wrote:
>>> Carlos O'Donell <carlos_odonell@mentor.com> writes:
>>>> * Contact the distribution contact listed on the MAINTAINERS
>>>>
>>>>   page for every distribution affected by the issue.
>>>
>>> A lot of packages that deal with a lot of security issues have a private
>>> mailing list that's used by the maintainers to reach all of those people
>>> at once.  (Some of them even do it via GnuPG-encrypted mail.)  I don't
>>> know if GNU libc has enough security bug reports to warrant doing
>>> something like that.
>>
>> One easy point of contact is the newly appointed release manager
>> for the branch currently in development. That person could then pull
>> in the appropriate people.
> 
> we've got bugzilla set up.  it has support for restricting to people, and 
> labeling things as security related (so it won't generate plain text e-mails 
> with details).  if we "just" had https running on the system, we'd have all 
> the pieces in a system that we've already been driving people to use.
> -mike

Is there anything preventing us from getting https support?

Can't we just turn that on in apache and it just works?

If all we need is https, could you email overseers and see if we can turn it on?

Cheers,
Carlos.
-- 
Carlos O'Donell
Mentor Graphics / CodeSourcery
carlos_odonell@mentor.com
carlos@codesourcery.com
+1 (613) 963 1026

Follow-Ups:
- Re: Policy for posting security bug reports?
  - From: Joseph S. Myers

References:
- Policy for posting security bug reports?
  - From: Rich Felker
- Re: Policy for posting security bug reports?
  - From: Russ Allbery
- Re: Policy for posting security bug reports?
  - From: Carlos O'Donell
- Re: Policy for posting security bug reports?
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]