Re: NetBSD/pkgsrc membership on distros list

[Solar Designer <solar () openwall com>]

On Tue, May 16, 2017 at 11:12:28AM -0700, Alistair Crooks wrote:
> On 16 May 2017 at 10:21, Solar Designer <solar () openwall com> wrote:
> > Over the last few days, there have been repeated requests to get a
> > response specifically from NetBSD in a thread on the distros list.
> > There was no response.  Additionally, the reporter of a vulnerability
> > mentioned getting no response to their direct e-mail to your
> > security-officer address.
>
> It hit my inbox when I'd just come back from 2 weeks vacation.
>
> When it finally got my attention, the mail itself did little to make
> me think it was legit, since I saw an attachment and a subject line
> that was generic in the extreme. Mentally, I filed it as spam.
> Virtually, too.
>
> I saw more traction on oss-security with the same subject, and

I think you mean on distros.

> realised (too late, I fear) that it wasn't yet another phishing
> attempt. I also heard from other channels that people were trying to
> contact me.
>
> My fault. Sorry.
>
> The security team at NetBSD have done an analysis, and have our own
> comments to make. I'll do that in due course.

OK.

For now, I'll resume NetBSD subscription with you as the only
representative, since we still haven't heard from the other two persons
who were subscribed for NetBSD (no need for them to post to oss-security
now, but at least they can reply on the distros thread if they read it,
or to me personally).  You were on vacation, but they could respond - in
fact, that's an often cited reason to have multiple people subscribed.

> I used to be on oss-security. Don't know what happened if I've been thrown off.

I'll e-mail you off-list to figure this out.

Thanks,

Alexander