Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Feb 2008 14:50:03 -0500
From: Josh Bressers <>
To:, Solar Designer <>
Subject: Re: charter - advisories

> On Tue, Feb 19, 2008 at 10:09:23AM -0700, Vincent Danen wrote:
> > Yeah, I noticed this as well.  I think advisories should be kept off the
> > list, for the same "signal-to-noise ratio" principal as bugtraq and FD.
> For now, I've edited the charter draft as follows:
> Security advisories aimed at end-users only are not welcome (e.g., those
> from a distribution vendor announcing new pre-built packages).  There has
> to be desirable information for others in the Open Source community
> (e.g., an upstream maintainer may announce a new version of their
> software with security fixes to be picked up by distributors).
> If anyone can word it better, please do.
> > It may be a better idea, if desired, to make a separate list that is a
> > fully moderated (or possibly a reject-all with exceptions) list specific
> > to carrying vendor advisories.
> Yes, that was my idea too.  However, now that we mention the distinction
> between two kinds of advisories (those for end-users only vs. those
> useful to others as well), I am not sure which of these we want to go to
> that other list.  Should we create a list for advisories that are useful
> for us, then change the above guideline to "no advisories" for the main
> oss-security list?  Or should we create a list for both kinds of
> advisories?  In the latter case, should we ban the useful advisories
> from the main oss-security list or should these be CC'ed to both lists?
> Or should we create two new lists?..

Let's leave it be for now.  Given how much speculation this is causing, I'm
hesitant to solve a problem that doesn't yet exist.

I like the above text, that sounds nice.  If this proves to be a problem at
a later date, we can create some new lists.


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ