Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Sat, 5 Apr 2008 16:14:58 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: wiki: vendor info & osvdb.org/vendors

On Fri, Apr 04, 2008 at 07:06:36PM -0400, Josh Bressers wrote:
> > 	http://osvdb.org/vendors
> 
> Holy Smokes that's impressive!
> 
> I don't think there's anything to consolidate, I think we just need to
> ensure everything on the oss-security wiki page is in your data (I would be
> surprised if it's not), then we just point at that.  The page about easily
> finding patches is probably still relevant, but there's no sense in
> duplicating information, especially when there is such an extensive source
> as this.

I am not so sure.  On our wiki, we have a separation between distro
vendors and individual Open Source projects - and I like it.  I haven't
found a way to extract a list of distro vendors only from osvdb.org.

Also, some vendors and projects may have relevant info that just does
not fit into pre-defined fields on osvdb.org - yet it may be specified
in entries on the wiki.

It is a good idea to update the info at osvdb.org with whatever we have.
For example, I was not able to find rPath in the osvdb.org database.
Then the vendors/projects themselves would need to remember to keep
those entries up to date as well...

Also, we should definitely link to osvdb.org.

Alexander

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux