Re: Vendor-sec hosting and future of closed lists

[Eugene Teo <eugene () redhat com>]

On 03/15/2011 11:01 AM, Mike O'Connor wrote:
> [catching up on older emails]
>
> :>  >  They do this already today, that's what security () kernel org is for, and
> :>  >  it gets a bit of traffic like this every week.
> :>
> :>  Is this list open to the public?  It doesn't seem to be available on
> :>  http://vger.kernel.org/vger-lists.html.
> :
> :No, it is closed, as it should be as potential security problems are
> :mailed there.  You don't want that to be totally open, right?
>
> One suggestion I've made in the past is to have the list _archives_ be
> open.  So anything older than, say, a month is made public.  That way,
> folks can see how issues were disclosed, how decisions were reached,
> etc.  for old issues that are no longer under embargo.  The way I see
> it, if we don't publish the list archive on our own terms, miscreants
> will get around to publishing it for us.

Any fixes for the issues reported in s@k.o will be committed to the 
upstream kernel immediately. The "disclosures" of those fixes are shared 
in this list. Keep a look out for my emails.

Eugene
--
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }