oss-sec mailing list archives
Re: How to request a CVE for open source projects
From: Kurt H Maier <khm () sciops net>
Date: Mon, 22 May 2017 19:17:02 -0700
On Mon, May 22, 2017 at 08:04:41PM -0600, Kurt Seifried wrote:
I disagree. If not assigning CVE's on the list kills this list, then... wow. Good to know I personally kept this list up and running for a few years.
Nobody said that, and I haven't said anything that wasn't said when this change was first dropped on us. The difference you're talking around is that vulnerabilities used to appear on this list of necessity, and now we either have to hope reporters cross-post or else monitor some number of different databases and post everything ourselves. If you'll recall, this is why it was suggested that non-embargoed webforum submissions automatically post here. But it's clear nobody was interested in making that happen, and now we get a pile of infrastructure instead. Que sera sera, but I stand by the opinion that the new processes have lost something along the way.
Which README specifically (there's a bunch), feel free to reply offlist.
I've submitted a pull request, since that seems to be the primary form of human communication now. khm
Current thread:
- How to request a CVE for open source projects Michael Catanzaro (May 22)
- Re: How to request a CVE for open source projects Marcus Meissner (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Perry E. Metzger (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 23)
- Re: How to request a CVE for open source projects Kurt H Maier (May 22)
- Re: How to request a CVE for open source projects Marcus Meissner (May 22)
- Re: How to request a CVE for open source projects Martin (May 22)
- Re: How to request a CVE for open source projects Kurt Seifried (May 22)