[Pkg-freeradius-maintainers] Bug#863673: Bug#863673: CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 1 07:34:44 UTC 2017
Hi
On Thu, Jun 01, 2017 at 08:54:57AM +0200, Michael Stapelberg wrote:
> I got the idea from https://www.debian.org/security/faq#upload. Is the FAQ
> outdated, or did I read it wrong? If the latter, please elaborate so that
> we can update the docs to be more clear.
The idea behind that FAQ entry is to state that an upload should never
be done without first having an ack from the security team. The
dev-ref gives a broather view on how to handle security-issues, and
interact with the team:
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#bug-security
Maybe we should rephrase a bit the FAQ entry itself.
Regards,
Salvatore
More information about the Pkg-freeradius-maintainers
mailing list