Date: Wed, 20 Feb 2008 12:26:21 -0700 From: Vincent Danen <vdanen@...sec.ca> To: oss-security@...ts.openwall.com Subject: Re: charter - advisories * [2008-02-19 22:44:22 +0300] Solar Designer wrote: >> It may be a better idea, if desired, to make a separate list that is a >> fully moderated (or possibly a reject-all with exceptions) list specific >> to carrying vendor advisories. > >Yes, that was my idea too. However, now that we mention the distinction >between two kinds of advisories (those for end-users only vs. those >useful to others as well), I am not sure which of these we want to go to >that other list. Should we create a list for advisories that are useful >for us, then change the above guideline to "no advisories" for the main >oss-security list? Or should we create a list for both kinds of >advisories? In the latter case, should we ban the useful advisories >from the main oss-security list or should these be CC'ed to both lists? >Or should we create two new lists?.. Hmmm... maybe we should clarify the advisories we don't want to see. I guess advisories from, say, iDefense, would be valuable. But advisories from Mandriva or SUSE not so much. Maybe we should indicate no *vendor* advisories, and make a second list specifically for that? -- Vincent Danen @ http://linsec.ca/ Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ