oss-sec mailing list archives
Re: CVE id request: vlc
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 11 Nov 2008 15:48:18 -0500 (EST)
On Tue, 11 Nov 2008, [UTF-8] Rémi Denis-Courmont wrote:
CVE.mitre.org says nothing about vendor obtaining a CVE number, only researchers. And typically, these guys don't do it, when dealing with videolan.org anyway.
I'm sorry, I did not mean to sound critical of you or anybody on the oss-security mailing list. Many consumers probably don't care if bug 1 affects a slightly different set of versions than bug 2. It just happens to be something that's important for CVE, and (indirectly) people who rely on it. I was using the vlc case as an example of a general challenge that we're facing in CVE that's arisen as a result of the creation of the oss-security list, which I fully support. We certainly don't want to interfere with the way that open source developers handle security issues. - Steve
Current thread:
- CVE id request: vlc Nico Golde (Oct 14)
- Re: CVE id request: vlc Steven M. Christey (Oct 14)
- <Possible follow-ups>
- CVE id request: vlc Nico Golde (Oct 19)
- Re: CVE id request: vlc Steven M. Christey (Oct 22)
- Re: CVE id request: vlc Nico Golde (Oct 22)
- Re: CVE id request: vlc Steven M. Christey (Oct 22)
- CVE id request: vlc Nico Golde (Nov 05)
- Re: CVE id request: vlc Steven M. Christey (Nov 10)
- Re: CVE id request: vlc Nico Golde (Nov 10)
- Re: CVE id request: vlc Steven M. Christey (Nov 10)
- Re: CVE id request: vlc Rémi Denis-Courmont (Nov 11)
- Re: CVE id request: vlc Steven M. Christey (Nov 11)
- Re: CVE id request: vlc Steven M. Christey (Nov 10)