Date: Tue, 19 Feb 2008 22:44:22 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: charter - advisories

On Tue, Feb 19, 2008 at 10:09:23AM -0700, Vincent Danen wrote:
> Yeah, I noticed this as well. I think advisories should be kept off the
> list, for the same "signal-to-noise ratio" principle as bugtraq and FD.

For now, I've edited the charter draft as follows:

Security advisories aimed at end-users only are not welcome (e.g., those
from a distribution vendor announcing new pre-built packages). There
has to be desirable information for others in the Open Source community
(e.g., an upstream maintainer may announce a new version of their
software with security fixes to be picked up by distributors).

If anyone can word it better, please do.

> It may be a better idea, if desired, to make a separate list that is a
> fully moderated (or possibly a reject-all with exceptions) list specific
> to carrying vendor advisories.

Yes, that was my idea too. However, now that we mention the distinction
between two kinds of advisories (those for end-users only vs. those
useful to others as well), I am not sure which of these we want to go to
that other list.

Should we create a list for advisories that are useful for us, then
change the above guideline to "no advisories" for the main oss-security
list? Or should we create a list for both kinds of advisories? In the
latter case, should we ban the useful advisories from the main
oss-security list or should these be CC'ed to both lists? Or should we
create two new lists?..

Alexander