oss-sec mailing list archives

Re: charter


From: Josh Bressers <bressers () redhat com>
Date: Tue, 19 Feb 2008 09:04:03 -0500


Josh Bressers wrote:
| I just added my current working draft charter:
| http://oss-security.openwall.org/wiki/mailinglists/oss-security/charter

Good work, thanks :)

What do you mean by "Please don't send working vulnerabilities"?

We don't need the heat of people posting vulnerabilities that would allow
one to actually compromise a machine.  Ideally we want testcases that
exercise the flaw, not tools that could be used for malicious purposes.


I'd append "for non-public issues, please contact vendor-sec" to "Public
security issues only please"

Done


"Advisories are welcome"? I thought we decided that this was
discussion-only?

What do others think?  I can see it either way, so I put it in.

-- 
    JB

