oss-sec mailing list archives
Re: Vendor-sec hosting and future of closed lists
From: Eugene Teo <eugene () redhat com>
Date: Tue, 15 Mar 2011 17:00:35 +0800
On 03/15/2011 11:01 AM, Mike O'Connor wrote:
[catching up on older emails] :> > They do this already today, that's what security () kernel org is for, and :> > it gets a bit of traffic like this every week. :> :> Is this list open to the public? It doesn't seem to be available on :> http://vger.kernel.org/vger-lists.html. : :No, it is closed, as it should be as potential security problems are :mailed there. You don't want that to be totally open, right? One suggestion I've made in the past is to have the list _archives_ be open. So anything older than, say, a month is made public. That way, folks can see how issues were disclosed, how decisions were reached, etc. for old issues that are no longer under embargo. The way I see it, if we don't publish the list archive on our own terms, miscreants will get around to publishing it for us.
Any fixes for the issues reported in s@k.o will be committed to the upstream kernel immediately. The "disclosures" of those fixes are shared in this list. Keep a look out for my emails.
Eugene -- main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
Current thread:
- Re: Vendor-sec hosting and future of closed lists, (continued)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Kees Cook (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Michael Gilbert (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 14)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 15)
- RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 15)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 15)
- RE: Vendor-sec hosting and future of closed lists Menkhus, Mark (GSE Security HP SSRT) (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 16)
- RE: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Dan Rosenberg (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 03)
- Re: Vendor-sec hosting and future of closed lists Mark J Cox (Mar 04)