oss-sec mailing list archives

Re: Closed list


From: Josh Bressers <bressers () redhat com>
Date: Mon, 11 Apr 2011 15:57:51 -0400 (EDT)

----- Original Message -----

Postponed. I'd like to see any support for you getting onto the Linux
distros security contacts list, with reasoning, or/and any other
suggestions on what to do in this case. Josh - what do you think (as
someone who advocated the setup of a vendor-sec replacement)?


My initial thought is that a vendor without public advisories is a
liability.

I don't want to get into the politics of not publishing your advisories,
but at the same time, public information such as this is all we have to
measure if a vendor is using the information at hand.

I'm happy to draw a line in the sand and make public advisories a mandatory
requirement. If anyone disagrees, please speak up. This is my personal
opinion, other viewpoints are welcome.

Thanks.

-- 
    JB

