a3li 12/02/02 11:06:00

Modified: vulnerability-policy.xml
Log:
Document the retreat from f-d and bugtraq, add note about the GLSAMaker 2 bug closing feature

Revision  Changes    Path
1.24                 xml/htdocs/security/en/vulnerability-policy.xml

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.24&view=markup
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.24&content-type=text/plain
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?r1=1.23&r2=1.24

Index: vulnerability-policy.xml |
=================================================================== |
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/vulnerability-policy.xml,v |
retrieving revision 1.23 |
retrieving revision 1.24 |
diff -u -r1.23 -r1.24 |
--- vulnerability-policy.xml 2 Feb 2012 02:50:07 -0000 1.23 |
+++ vulnerability-policy.xml 2 Feb 2012 11:06:00 -0000 1.24 |
@@ -28,8 +28,8 @@ |
<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> |
<license/> |
|
-<version>1.3</version> |
-<date>2011-05-15</date> |
+<version>1.4</version> |
+<date>2012-02-02</date> |
|
<chapter> |
<title>Scope</title> |
@@ -597,28 +597,6 @@ |
</ti> |
</tr> |
<tr> |
- <ti>Bugtraq security mailing-list</ti> |
- <ti> |
- <mail link="bugtraq@×××××××××××××.com">bugtraq@×××××××××××××.com</mail> |
- </ti> |
-</tr> |
-<tr> |
- <ti>Full-disclosure security mailing-list</ti> |
- <ti> |
- <mail link="full-disclosure@××××××××××××××.uk"> |
- full-disclosure@××××××××××××××.uk |
- </mail> |
- </ti> |
-</tr> |
-<tr> |
- <ti>Linuxsecurity.com advisories service</ti> |
- <ti> |
- <mail link="security-alerts@×××××××××××××.com"> |
- security-alerts@×××××××××××××.com |
- </mail> |
- </ti> |
-</tr> |
-<tr> |
<ti>Gentoo Linux announcement forum</ti> |
<ti><uri>http://forums.gentoo.org/viewforum.php?f=16</uri></ti> |
</tr> |
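Review bot: The third removed row, "Linuxsecurity.com advisories service", is dropped here together with the Bugtraq and Full-disclosure rows, but the log message only mentions f-d and bugtraq, and the note added later in this patch names only full-disclosure and bugtraq. If removing that recipient is intended, say so in the commit message or in the note so the history shows it was deliberate; otherwise restore the row.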
@@ -630,7 +608,6 @@ |
|
<ul> |
<li>The <c>To:</c> field must be set to gentoo-announce</li> |
-<li>The <c>Cc:</c> filed must contain the other email addresses</li> |
<li>The <c>From:</c> and <c>Return-Path:</c> must be set to the GLSA |
coordinator @gentoo.org address</li> |
<li>The <c>Subject:</c> field must be "[ GLSA XXXXYY-ZZ ] Your vulnerability |
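Review bot: Deleting the Cc: item leaves this header checklist silent on Cc:, so a coordinator who follows only the list cannot tell that the field must now stay empty. Consider replacing the item with an explicit rule (for example, that the Cc: field must be left empty) instead of relying on the note further down in the section.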
@@ -652,10 +629,19 @@ |
handled by an automatic poster when it receives the announcement. |
</note> |
|
+<note> |
+Starting Feb 2, 2012, we have decied to no longer CC any third parties. |
+The gentoo-announce mailing list has little other traffic, so that they |
+should be subscribed there. General security mailing lists such as full- |
+disclosure or bugtraq are not our target audience, and having various |
+distributions send notices about the same issues is not of any use to most |
+readers there, they too should be on gentoo-announce. |
+</note> |
+ |
<p> |
When the GLSA has been published the corresponding bugzilla bug should be |
resolved as FIXED, with the GLSA number referenced in the comments section |
-of the bug. |
+of the bug. GLSAMaker 2 offers this option after releasing the advisory. |
</p> |
|
</body> |
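Review bot: The added note has a typo on its first line ("decied" should be "decided"), and "full-" / "disclosure" is broken across a line end, which will read as "full- disclosure" once the whitespace is collapsed; keep the word on one line. The phrase "so that they should be subscribed there" leaves "they" without a clear antecedent, so name the third parties it refers to. In the final paragraph, "this option" would be clearer if it said what GLSAMaker 2 does, that is, resolve the bug as FIXED with the GLSA number in a comment.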