Hi Don, On Thu, Jul 07, 2016 at 08:40:27AM +0200, Moritz Mühlenhoff wrote: > On Wed, Jul 06, 2016 at 05:16:50PM -0500, Don Armstrong wrote: > > On Wed, 06 Jul 2016, Salvatore Bonaccorso wrote: > > > On Tue, May 24, 2016 at 06:54:00AM +0200, Salvatore Bonaccorso wrote: > > > > Hi, > > > > > > > > On Mon, May 23, 2016 at 10:49:54PM +0200, Moritz Mühlenhoff wrote: > > > > > Hi, > > > > > adding t...@security.debian.org to CC and quoting in full below to > > > > > solicit further comments. > > > > > > > > > > I think Drake's proposal makes perfect sense, the current behaviour > > > > > is mostly historic, it > > > > > was around before I joined the security team ten years ago. > > > > > > > > > > And maybe let's add something like: > > > > > "If you want to contact the security in private, please write to > > > > > t...@security.debian.org, > > > > > if you want to discuss this on a public mailing list write to > > > > > debian-secur...@lists.debian.org." > > > > > > > > Just a "agree" from my side. It probably would make sense to not send > > > > replies to debian-security@l.d.o but instead have it sent to another > > > > mail which autoreplies with a set of indications what can be done and > > > > expand it with the above two lines. IIRC if someone tries to post to > > > > d-s-a manually, it get's already such an autoreply, just needs to say > > > > as well the further two contact lines. > > > > > > is there any furhter information needed from the security team for > > > this, or any other blocker? > > > > The choices without significant extra engineering are to have Reply-To: > > messages to go debian-secur...@lists.debian.org, not to set a Reply-To: > > or to have Reply-To set to > > debian-security-announce-requ...@lists.debian.org > > > > I'm OK with whatever y'all decide. > > Let's have the Reply-To set to > debian-security-announce-requ...@lists.debian.org, then. That will provide > people with all the necessary information.
It would be great to have this somehow soonish. The debian-security list is currently quite often spammed with autoreplies from people subscribed to d-s-a. Here is a signed ack, as well from my side additionally to Moritz'. Regards, Salvatore
signature.asc
Description: PGP signature
