oss-sec mailing list archives

Re: using oss-security references in CVE


From: Nico Golde <oss-security+ml () ngolde de>
Date: Fri, 28 Mar 2008 01:09:40 +0100

Hi Vincent,
* Vincent Danen <vdanen () linsec ca> [2008-03-28 00:51]:
> * [2008-03-28 00:09:46 +0100] Lubomir Kundrak wrote:
> > On Thu, 2008-03-27 at 18:59 -0400, Steven M. Christey wrote:
> > > In CVE, we try to provide "provenance" for every detail that makes its way
> > > into the description.  Issues like rxvt and CenterIM have some details
> > > that are only publicly documented in oss-security, and I would like to add
> > > these as references.
> >
> > I agree. There shouldn't really be things like more public and less
> > public places to share security-related information.
>
> I think this list is pretty public, and is intentionally so.  There
> should be no reason to hold back referring to oss-security messages as
> references for CVE names or any other vuln DB... in fact, this may even
> help the list to grow (which is ultimately what we want... within
> reason, of course).
>
> I see no problem with this.

Just that it doesn't look like two single opinions: ACK :)
Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
