oss-sec mailing list archives
Re: using oss-security references in CVE
From: Vincent Danen <vdanen () linsec ca>
Date: Thu, 27 Mar 2008 17:34:22 -0600
* [2008-03-28 00:09:46 +0100] Lubomir Kundrak wrote:
On Thu, 2008-03-27 at 18:59 -0400, Steven M. Christey wrote:All, In CVE, we try to provide "provenance" for every detail that makes its way into the description. Issues like rxvt and CenterIM have some details that are only publicly documented in oss-security, and I would like to add these as references.I agree. There shouldn't really be things like more public and less public places to share security-related information.
I think this list is pretty public, and is intentionally so. There should be no reason to hold back referring to oss-security messages as references for CVE names or any other vuln DB... in fact, this may even help the list to grow (which is ultimately what we want... within reason, of course). I see no problem with this. -- Vincent Danen @ http://linsec.ca/
Attachment:
_bin
Description:
Current thread:
- using oss-security references in CVE Steven M. Christey (Mar 27)
- Re: using oss-security references in CVE Lubomir Kundrak (Mar 27)
- Re: using oss-security references in CVE Vincent Danen (Mar 27)
- Re: using oss-security references in CVE Nico Golde (Mar 27)
- Re: using oss-security references in CVE Vincent Danen (Mar 27)
- Re: using oss-security references in CVE Solar Designer (Mar 27)
- Re: using oss-security references in CVE Josh Bressers (Mar 27)
- wiki: links from list archive (was: using oss-security references in CVE) Solar Designer (Mar 27)
- Re: wiki: links from list archive (was: using oss-security references in CVE) Josh Bressers (Mar 27)
- Re: using oss-security references in CVE Josh Bressers (Mar 27)
- Re: using oss-security references in CVE Lubomir Kundrak (Mar 27)