Re: Closed list

[Solar Designer <solar () openwall com>]

On Fri, Apr 01, 2011 at 04:17:32PM -0400, Dan Rosenberg wrote:
> I'd prefer if any private replacement for vendor-sec were either:
>
> 1. Strictly limited to vendor coordination of embargoed security
> issues (with membership reflecting this purpose), or

This is what we have with the list I've setup today.

> 2. Opened up to researchers who have contributed knowledge and
> findings in this area, and are deemed trustworthy by other list
> subscribers or some other community opinion.

We may setup a separate list for this later.

> In other words, it doesn't make sense to me to use "member of the old
> vendor-sec" as the only requirement for subscription, as some of the
> old members may not be eligible depending on the purpose of the new
> list.

Right.  There will be a lot fewer people on the new list now.  This
requirement is mostly just to start with what's obviously a subset of
the old vendor-sec's members.

> I understand that this is just a preliminary solution, but I
> think the question of membership should be sorted out sooner rather
> than later.

Indeed.  I think my decision to limit this to Linux distro security
contacts takes care of that for this one list.

Alexander