oss-sec mailing list archives
Re: using oss-security references in CVE
From: Nico Golde <oss-security+ml () ngolde de>
Date: Fri, 28 Mar 2008 01:09:40 +0100
Hi Vincent, * Vincent Danen <vdanen () linsec ca> [2008-03-28 00:51]:
* [2008-03-28 00:09:46 +0100] Lubomir Kundrak wrote:On Thu, 2008-03-27 at 18:59 -0400, Steven M. Christey wrote:In CVE, we try to provide "provenance" for every detail that makes its way into the description. Issues like rxvt and CenterIM have some details that are only publicly documented in oss-security, and I would like to add these as references.I agree. There shouldn't really be things like more public and less public places to share security-related information.I think this list is pretty public, and is intentionally so. There should be no reason to hold back referring to oss-security messages as references for CVE names or any other vuln DB... in fact, this may even help the list to grow (which is ultimately what we want... within reason, of course). I see no problem with this.
Just that it doesn't look like two single opinions: ACK :) Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- using oss-security references in CVE Steven M. Christey (Mar 27)
- Re: using oss-security references in CVE Lubomir Kundrak (Mar 27)
- Re: using oss-security references in CVE Vincent Danen (Mar 27)
- Re: using oss-security references in CVE Nico Golde (Mar 27)
- Re: using oss-security references in CVE Vincent Danen (Mar 27)
- Re: using oss-security references in CVE Solar Designer (Mar 27)
- Re: using oss-security references in CVE Josh Bressers (Mar 27)
- wiki: links from list archive (was: using oss-security references in CVE) Solar Designer (Mar 27)
- Re: wiki: links from list archive (was: using oss-security references in CVE) Josh Bressers (Mar 27)
- Re: using oss-security references in CVE Josh Bressers (Mar 27)
- Re: using oss-security references in CVE Lubomir Kundrak (Mar 27)