Date: Fri, 20 Mar 2015 15:50:26 +0000 From: Stuart Henderson <stu@...cehopper.org> To: oss-security@...ts.openwall.com Subject: Re: membership request to the closed linux-distros security mailing list On 2015/03/20 08:16, Anthony Liguori wrote: > > I think the alternative is to formalize what already appears to be the > existing practice: disclose distros@ on the existence of a > vulnerability but require direct contact for the details of the > vulnerability if the submitter/upstream thinks the impact is high. Are private lists even needed if this policy is taken?
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ