Date: Mon, 25 Feb 2008 01:26:00 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: charter - advisories On Wed, Feb 20, 2008 at 12:26:21PM -0700, Vincent Danen wrote: > Hmmm... maybe we should clarify the advisories we don't want to see. I > guess advisories from, say, iDefense, would be valuable. But advisories > from Mandriva or SUSE not so much. > > Maybe we should indicate no *vendor* advisories, I think this is pretty much what we did already. From the charter: Security advisories aimed at end-users only are not welcome (e.g., those from a distribution vendor announcing new pre-built packages). There has to be desirable information for others in the Open Source community (e.g., an upstream maintainer may announce a new version of their software with security fixes to be picked up by distributors). If you can word this better, please go ahead and edit it on the wiki. > and make a second list specifically for that? I'd be happy to make such a list if there's demand - is there? Let me address this question to those vendors (represented in here) who currently copy their advisories to Bugtraq - will you start sending them to this new special-purpose list? If so, will you discontinue sending them to Bugtraq, suggesting that whoever wants to receive all-vendor advisories should subscribe the new special-purpose list? I think this could help us reclaim Bugtraq as a general security discussion list. Note that Bugtraq will remain quite different from oss-security even if reclaimed as a discussion list. oss-security is for people involved with OSS projects (although others are welcome to listen to our conversations) and for detailed discussions of source code patches, etc. when that is needed. Bugtraq is for everyone, including end-users and closed-source folks - and it is large-scale, meaning that discussions of individual issues should not run for too long and get into minor detail. Also, a question to those vendors (represented in here) who don't copy their advisories to Bugtraq currently (too shy or polite) - will you start sending them to this new special-purpose list? Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ