The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vendor-sec disclosure policy

To: Bruce@Pixar.com, debian-private@lists.debian.org
Subject: Re: Vendor-sec disclosure policy
From: Enrique Zanardi <ezanardi@noah.dfis.ull.es>
Date: Sun, 20 Jul 1997 13:57:59 +0100 (WEST)
In-reply-to: <m0wpuB7-000B7iC@monad.swb.de>
Resent-cc: recipient list not shown: ;
Resent-date: 20 Jul 1997 13:55:57 -0000
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"ASFP53.0.Uc5.jZXqp"@debian>
Resent-sender: debian-private-request@lists.debian.org
Sender: ezanardi@vilaflor.ccti.ull.es

On Sun, 20 Jul 1997, Olaf Kirch wrote:

> On Fri, 18 Jul 1997 17:59:18 BST, Enrique Zanardi wrote:
> [Quoted message from vendor-sec deleted]
> 
> Let me ask people to not re-distribute things posted to this list too
> widely. Information posted here can be either confidential (about
> security holes not yet disclosed; forwarded info from CERT), or
> preliminary (MD5sums of fixes may change if the distributor goes through
> another test cycle before releasing the update info), etc.
> 
> Therefore, it is not a good idea to re-post this info to other mailing
> lists, as Enrique did. It is desirable to include individual maintainers
> in the discussion of a particular fix, but general information leakage
> will only complicate our work.
> 
> Currently, there are two addresses on the list that are obvious mailing
> list aliases, security@caldera.com and security@debian.org. I know that on
> the caldera alias, there are currently 8 ppl from both Caldera and LST.
> How many are there on the Debian list? I would feel a little reluctant
> about posting confidential info to this list if it turns out that
> it is being resent to 100+ people by way of exploders or procmail filters.
> Also, there seems to be interest at DFN-CERT to use this list as a general
> sink for Linux-related security information they receive, which may also
> be strictly confidential if it affects other OSes besides Linux.

Bruce, it was my fault to reply to that message without trimming down the
recipients list. It was meant to be a message to debian-private only, but
I decided to cancel it, and messed it up.
(Damned Pine uses Control-C to cancel a message, and Control-X to send it.
Dumb operator's fingers did the rest...)

Do you want to reply "officially" to Olaf about the use of 
security@debian.org and debian-private@debian.org? Or may I explain him 
that I didn't re-post to _other_ mailing list, as security@debian.org is an 
alias to debian-private, the debian-developers-only list?

	Thanks,
-- 
Enrique Zanardi					ezanardi@noah.dfis.ull.es
Dpto. Fisica Fundamental y Experimental
Univ. de La Laguna


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

References:
- Vendor-sec disclosure policy
  - From: Olaf Kirch <okir@monad.swb.de>

Prev by Date: Re: gnuplot
Next by Date: Re: SPI and people's dignity
Previous by thread: Vendor-sec disclosure policy
Next by thread: Re: Vendor-sec disclosure policy
Index(es):
- Date
- Thread