oss-sec mailing list archives
Re: accepting new members to (linux-)distros lists
From: Kristian Fiskerstrand <k_f () gentoo org>
Date: Sun, 2 Jul 2017 22:38:29 +0200
On 07/02/2017 10:20 PM, Anthony Liguori wrote:
> I've been thinking about this list of items and also some of the challenges of Stack Clash. Something that frequently came up was uncertainty about what the current set of patches were and there was also a lack of clarity on dates.
> ...
> What do you think about having a public bugzilla (or similar system) where tracked issues are kept as private bugs?
> ...
> Thoughts?
The immediate thought that springs to mind is the [lack of OpenPGP support in bugzilla] which makes it difficult to ensure confidentiality unless disabling all email warnings. For an organization it is possible to ensure a level of security as they control all email endpoints (and disable email forwarding), so information never leaves a secured zone, but for multiple parties involved it would need to be fixed or configured to only send e.g. "Bug XXX has been updated, please log in to see details", which can make the workflow inconvenient.

Notes:
[lack of OpenPGP support in bugzilla] I say lack of OpenPGP support as the current implementation is too flawed to be used; this is elaborated on in http://www.openwall.com/lists/oss-security/2016/02/13/8

--
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3