oss-sec mailing list archives

Re: Closed list


From: Tim Zingelman <tez () netbsd org>
Date: Tue, 5 Apr 2011 09:46:25 -0500

On Mon, Apr 4, 2011 at 10:02 AM, Matthias Andree <matthias.andree () gmx de> wrote:
On 02.04.2011 02:08, Dan Rosenberg wrote:

This raises an interesting point, "downstream providers of third-party
software".

In my case, I'd understand that I might want to offer vendors the
possibility to co-ordinate upgrades for bogofilter, fetchmail, and
leafnode, in lexicographical order, and possibly for a FreeBSD port --
although I'm not a representative of FreeBSD's security officer team
(nor would that team usually deal with third-party software
vulnerabilities unless it's in the base system).

Both FreeBSD and NetBSD have separate security teams that work to keep
the third-party software provided by the FreeBSD ports system
http://www.freebsd.org/ports/index.html and NetBSD pkgsrc system
http://www.netbsd.org/docs/software/packages.html patched for
vulnerabilities.  (Note that the pkgsrc system is cross platform and
works on *BSD, Solaris, Linux and many other platforms.)  I'd guess
other BSD and Solaris distros have similar teams.  I'd like to either
see members of these teams included, or a second list created for all
issues not specific to Linux.  (FWIW I am on the pkgsrc security
team.)

I'll also second the question someone else posed about how cc'ing
others off the list could reasonably work if all messages are
encrypted.

Thanks,

 - Tim

