[DRE-maint] Do you receive security tracker emails from upstream redmine ?
Soren Stoutner
soren at debian.org
Fri Aug 1 23:51:04 BST 2025
On Friday, August 1, 2025 3:45:26 PM Mountain Standard Time Jérémy Lal wrote:
> Le sam. 2 août 2025 à 00:43, Soren Stoutner <soren at debian.org> a écrit :
> > On Friday, August 1, 2025 7:19:34 AM Mountain Standard Time Jérémy Lal
> >
> > wrote:
> > > Hi,
> > >
> > > I still receive these emails from upstream redmine:
> > > [Security - Defect #43083] Information disclosure in Two-Factor
> > > Authentication
> > >
> > > but I'm not sure you do receive these, too.
> > > Also I'm not sure what would be the proper recipient (
> > > redmine at packages.debian.org ?).
> >
> > No, redmine at packages.debian.org does not receive these emails, although
> > it
> > would probably be a good idea. It looks like they are disclosed by email
> > before they are publicly posted at:
> >
> > https://www.redmine.org/projects/redmine/wiki/Security_Advisories
>
> I don't know well enough how <package>@packages.debian.org works:
> is it "public" ?
I’m not sure. My guess is that either it automatically emails all the
Maintainers and Uploaders listed for the package or it emails anyone
subscribed on the tracker:
https://tracker.debian.org/pkg/redmine
It is probably one of these two things because I received the email and
haven’t done anything else to subscribe to it.
--
Soren Stoutner
soren at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-ruby-extras-maintainers/attachments/20250801/5b607387/attachment.sig>
More information about the Pkg-ruby-extras-maintainers
mailing list