oss-sec mailing list archives
Re: charter - advisories
From: Solar Designer <solar () openwall com>
Date: Mon, 25 Feb 2008 01:26:00 +0300
On Wed, Feb 20, 2008 at 12:26:21PM -0700, Vincent Danen wrote:
Hmmm... maybe we should clarify the advisories we don't want to see. I guess advisories from, say, iDefense, would be valuable. But advisories from Mandriva or SUSE not so much. Maybe we should indicate no *vendor* advisories,
I think this is pretty much what we did already. From the charter: Security advisories aimed at end-users only are not welcome (e.g., those from a distribution vendor announcing new pre-built packages). There has to be desirable information for others in the Open Source community (e.g., an upstream maintainer may announce a new version of their software with security fixes to be picked up by distributors). If you can word this better, please go ahead and edit it on the wiki.
and make a second list specifically for that?
I'd be happy to make such a list if there's demand - is there? Let me address this question to those vendors (represented in here) who currently copy their advisories to Bugtraq - will you start sending them to this new special-purpose list? If so, will you discontinue sending them to Bugtraq, suggesting that whoever wants to receive all-vendor advisories should subscribe the new special-purpose list? I think this could help us reclaim Bugtraq as a general security discussion list. Note that Bugtraq will remain quite different from oss-security even if reclaimed as a discussion list. oss-security is for people involved with OSS projects (although others are welcome to listen to our conversations) and for detailed discussions of source code patches, etc. when that is needed. Bugtraq is for everyone, including end-users and closed-source folks - and it is large-scale, meaning that discussions of individual issues should not run for too long and get into minor detail. Also, a question to those vendors (represented in here) who don't copy their advisories to Bugtraq currently (too shy or polite) - will you start sending them to this new special-purpose list? Thanks, Alexander
Current thread:
- Re: wiki - e-mail address obfuscation, (continued)
- Re: wiki - e-mail address obfuscation (GalaxyMaster) (Feb 19)
- Re: wiki Vincent Danen (Feb 19)
- Re: wiki Josh Bressers (Feb 18)
- charter Jonathan Smith (Feb 18)
- Re: charter Josh Bressers (Feb 19)
- Re: charter Mark J Cox (Feb 19)
- Re: charter Vincent Danen (Feb 19)
- Re: charter - advisories Solar Designer (Feb 19)
- Re: charter - advisories Josh Bressers (Feb 19)
- Re: charter - advisories Vincent Danen (Feb 20)
- Re: charter - advisories Solar Designer (Feb 24)
- Re: charter - advisories Vincent Danen (Feb 24)
- Re: charter - advisories Mark J Cox (Feb 25)