oss-sec mailing list archives
Re: Closed list
From: akuster <akuster () mvista com>
Date: Mon, 02 May 2011 07:03:55 -1000
On 05/02/2011 06:12 AM, Solar Designer wrote:
On Mon, May 02, 2011 at 04:56:30AM -1000, akuster wrote:On 04/30/2011 04:51 AM, Solar Designer wrote: <snipped>Hence, I've saved your subscription request to a separate folder, to revisit it if a decision is made to start adding "closed" vendors to the list, if Wind River starts to publish advisories and updates (in other words, if it becomes no more closed than Red Hat), or if a suitable separate list is setup.Can you clarify what is meant by updates?RHEL-like .src.rpm's or equivalent will do. Something else might do.
Ok.. but do they need to be publicly available ( ie no service or maintenance contract to get)?
While we're at it, just what software do MontaVista and Wind River ship?
MontaVista ships Linux, apps, toolchains and misc cross development tools. The number of applications vary depending on the product version. MVL6 and CGE 6 both use bitbake (ie receipt sytle) and older products use RPM.
My guess is that embedded Linux distro vendors would not care about vulnerabilities in desktop-specific apps (e.g., the X server), but I could be wrong.
We do supply X server. And there are other software categories, which may or
may not be relevant. It'd be nice for potential reporters of security issues to know which vendors might be affected.
yes it would be nice. I will add it to my list of things todo. - Armin
Current thread:
- Re: Closed list, (continued)
- Re: Closed list Josh Bressers (Apr 13)
- Re: Closed list akuster (Apr 13)
- Re: Closed list Dan Rosenberg (Apr 13)
- Re: Closed list akuster (Apr 13)
- Re: Closed list Tomas Hoger (Apr 14)
- Re: Closed list akuster (Apr 14)
- Re: Closed list Josh Bressers (Apr 13)
- Re: Closed list Solar Designer (Apr 30)
- Re: Closed list akuster (May 02)
- Re: Closed list Solar Designer (May 02)
- Re: Closed list akuster (May 02)
- Re: Closed list Solar Designer (May 02)
- Re: Closed list akuster (May 02)
- Re: [security-vendor] Re: [oss-security] Closed list Mark Hatle (May 02)
- Re: Closed list Solar Designer (May 02)
- Re: Closed list Mark J Cox (May 03)