Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: running the distros lists
From: Thomas Klausner <wiz () NetBSD org>
Date: Tue, 13 Mar 2012 12:44:03 +0100

Thanks for the clarifications, but this still leaves many questions open for me.

On Tue, Mar 13, 2012 at 06:53:04AM +0400, Solar Designer wrote:
What I'd like to be happening is for some list member(s) (not too many
of them) to be proposing a CRD for each reported issue on the day it is
reported.  Then those member(s) need to stay on top of all open issues
and ensure the CRDs are met (if necessary, adjusting the CRDs as long as
the list's limit permits).  Quite often, this will involve negotiations
with other list members, with the reporter, with upstream(s), and with
various other parties (such as related projects and distros who are not
on the list).  Yes, this does sound CERT'ish. ;-)

Does this person contact upstream(s)?
If not, who does?
Does this person contact downstreams?
Or are they assumed to read distros () ?
What if an up- or downstream claims to need longer (confer a recent issue)?
When CRD happens, who publishes what where?
Or is it just a free-for-all afterwards?

Just off the top of my head :)
 Thomas


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault