oss-sec mailing list archives

Re: using oss-security references in CVE


From: Vincent Danen <vdanen () linsec ca>
Date: Thu, 27 Mar 2008 17:34:22 -0600

* [2008-03-28 00:09:46 +0100] Lubomir Kundrak wrote:

On Thu, 2008-03-27 at 18:59 -0400, Steven M. Christey wrote:
All,

In CVE, we try to provide "provenance" for every detail that makes its way
into the description.  Issues like rxvt and CenterIM have some details
that are only publicly documented in oss-security, and I would like to add
these as references.

I agree. There shouldn't really be things like more public and less
public places to share security-related information.

I think this list is pretty public, and is intentionally so.  There
should be no reason to hold back referring to oss-security messages as
references for CVE names or any other vuln DB... in fact, this may even
help the list to grow (which is ultimately what we want... within
reason, of course).

I see no problem with this.

--
Vincent Danen @ http://linsec.ca/
