This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Policy for posting security bug reports?

On 6/25/2012 4:46 PM, Russ Allbery wrote:
> Carlos O'Donell <carlos_odonell@mentor.com> writes:
> 
>> Thanks for your feedback. Is this recommendation based on your
>> experience in working with CERT?
> 
> Yeah.  Not direct experience, but what I've heard from other projects and
> some conversations they've reported with the CERT folks.
> 
>> One easy point of contact is the newly appointed release manager for the
>> branch currently in development. That person could then pull in the
>> appropriate people.
> 
> Yeah, that would work.  You do want that person to have a published GnuPG
> key so that people can send encrypted mail, though.  I don't know how
> universal that is these days.  (I do a lot with Debian, so I'm spoiled in
> being about to assume that everyone has a GnuPG key.)
 
I would like to say that it's a *requirement* of the release manager to
have a published GnuPG key. They need it to sign the uploads to ftp.gnu.org.

Cheers,
Carlos.
-- 
Carlos O'Donell
Mentor Graphics / CodeSourcery
carlos_odonell@mentor.com
carlos@codesourcery.com
+1 (613) 963 1026
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]