| 1 |
a3li 12/02/02 11:06:00 |
| 2 |
|
| 3 |
Modified: vulnerability-policy.xml |
| 4 |
Log: |
| 5 |
Document the retreat from f-d and bugtraq, add note about the GLSAMaker 2 bug closing feature |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.24 xml/htdocs/security/en/vulnerability-policy.xml |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.24&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?rev=1.24&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/vulnerability-policy.xml?r1=1.23&r2=1.24 |
| 13 |
|
| 14 |
Index: vulnerability-policy.xml |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo/xml/htdocs/security/en/vulnerability-policy.xml,v |
| 17 |
retrieving revision 1.23 |
| 18 |
retrieving revision 1.24 |
| 19 |
diff -u -r1.23 -r1.24 |
| 20 |
--- vulnerability-policy.xml 2 Feb 2012 02:50:07 -0000 1.23 |
| 21 |
+++ vulnerability-policy.xml 2 Feb 2012 11:06:00 -0000 1.24 |
| 22 |
@@ -28,8 +28,8 @@ |
| 23 |
<!-- See http://creativecommons.org/licenses/by-sa/1.0 --> |
| 24 |
<license/> |
| 25 |
|
| 26 |
-<version>1.3</version> |
| 27 |
-<date>2011-05-15</date> |
| 28 |
+<version>1.4</version> |
| 29 |
+<date>2012-02-02</date> |
| 30 |
|
| 31 |
<chapter> |
| 32 |
<title>Scope</title> |
| 33 |
@@ -597,28 +597,6 @@ |
| 34 |
</ti> |
| 35 |
</tr> |
| 36 |
<tr> |
| 37 |
- <ti>Bugtraq security mailing-list</ti> |
| 38 |
- <ti> |
| 39 |
- <mail link="bugtraq@×××××××××××××.com">bugtraq@×××××××××××××.com</mail> |
| 40 |
- </ti> |
| 41 |
-</tr> |
| 42 |
-<tr> |
| 43 |
- <ti>Full-disclosure security mailing-list</ti> |
| 44 |
- <ti> |
| 45 |
- <mail link="full-disclosure@××××××××××××××.uk"> |
| 46 |
- full-disclosure@××××××××××××××.uk |
| 47 |
- </mail> |
| 48 |
- </ti> |
| 49 |
-</tr> |
| 50 |
-<tr> |
| 51 |
- <ti>Linuxsecurity.com advisories service</ti> |
| 52 |
- <ti> |
| 53 |
- <mail link="security-alerts@×××××××××××××.com"> |
| 54 |
- security-alerts@×××××××××××××.com |
| 55 |
- </mail> |
| 56 |
- </ti> |
| 57 |
-</tr> |
| 58 |
-<tr> |
| 59 |
<ti>Gentoo Linux announcement forum</ti> |
| 60 |
<ti><uri>http://forums.gentoo.org/viewforum.php?f=16</uri></ti> |
| 61 |
</tr> |
| 62 |
@@ -630,7 +608,6 @@ |
| 63 |
|
| 64 |
<ul> |
| 65 |
<li>The <c>To:</c> field must be set to gentoo-announce</li> |
| 66 |
-<li>The <c>Cc:</c> filed must contain the other email addresses</li> |
| 67 |
<li>The <c>From:</c> and <c>Return-Path:</c> must be set to the GLSA |
| 68 |
coordinator @gentoo.org address</li> |
| 69 |
<li>The <c>Subject:</c> field must be "[ GLSA XXXXYY-ZZ ] Your vulnerability |
| 70 |
@@ -652,10 +629,19 @@ |
| 71 |
handled by an automatic poster when it receives the announcement. |
| 72 |
</note> |
| 73 |
|
| 74 |
+<note> |
| 75 |
+Starting Feb 2, 2012, we have decied to no longer CC any third parties. |
| 76 |
+The gentoo-announce mailing list has little other traffic, so that they |
| 77 |
+should be subscribed there. General security mailing lists such as full- |
| 78 |
+disclosure or bugtraq are not our target audience, and having various |
| 79 |
+distributions send notices about the same issues is not of any use to most |
| 80 |
+readers there, they too should be on gentoo-announce. |
| 81 |
+</note> |
| 82 |
+ |
| 83 |
<p> |
| 84 |
When the GLSA has been published the corresponding bugzilla bug should be |
| 85 |
resolved as FIXED, with the GLSA number referenced in the comments section |
| 86 |
-of the bug. |
| 87 |
+of the bug. GLSAMaker 2 offers this option after releasing the advisory. |
| 88 |
</p> |
| 89 |
|
| 90 |
</body> |
Archives