Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm

[full-disclosure () lists netsys com (John Cartwright)]

On Wed, Jul 31, 2002 at 02:59:57PM +0300, Guy Cohen wrote:
> Isn't this list moderated?

No, but it is a closed list. We allow posts from non-members based on
their merit and relevance.

> Why do all vendors suddenly want to spam us with tons of *useless*
> advisories, that we get anyhow?

We believe that the vendor notifications are useful information. To
provide a viable alternative to other more commercial lists, we need to
extend our reach to as wide a range of people as possible. I have been
campaigning for vendors to submit content to us for this reason.

> didn't the post on bugtraq say that the new mailing list has been build
> because securityfocus has gone commercial?

Yes. I fail to see the commercialism in allowing vendors to post their
advisories. We're not making anything from it, and I doubt they are either.

Our original statement was questioning whether a commercial entity could
operate a mailing list such as this and remain unbiased, and more
importantly, not profit from the information (and early access to it)
themselves.

All of the above are well-documented in the (draft) list charter, available
at http://lists.netsys.com/full-disclosure-charter.html

- John