handling of the gnutls 2.2.4 security fixes
simon at josefsson.org
Tue May 20 11:44:32 CEST 2008
CERT-FI Vulnerability Co-ordination <vulncoord at ficora.fi> writes:
> > The 2.2.4 release was not handled properly. Vendor-sec received an
> > email on the 14th of May stating that CERT-FI was going to send mail
> > to us about an upcoming release of gnutls. That mail never arrived.
> > Vendor-sec is *the* place to discuss non-public issues like this.
> > Maybe this was the fault of the CERT, but the gnutls team should, in
> > the future, make an attempt to contact us even if whatever CERT is
> > dealing with the issue also promises to.
> Mea culpa. It seems I made an error when sending the announcement
> to the vendor-sec list. As I don't see the list myself, I did not
> realise that it never arrived. I'll try to be more precise with
> this in the future.
To update the public record regarding this (my replies to vendor-sec has
been private since the original email was intended to be private), you
did send it to the right address but vendor-sec's spam filter caught it.
More information about the Gnutls-devel