Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 Nov 2015 07:54:08 -0800
From: Reed Loden <reed@...dloden.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/

Great idea, Kurt.

Is this related to this recent CERT/CC advisory?

http://www.kb.cert.org/vuls/id/566724
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

On Tuesday, November 24, 2015, Kurt Seifried <kseifried@...hat.com> wrote:

> https://github.com/RedHatProductSecurity/Certificates-Shipped/
>
> The idea is to create a comprehensive list of shipped certs/keys/etc by
> open source vendors/distributions/projects so that:
>
> 1) we have a list of secrets maintained by external parties that we rely
> upon
> 2) we can audit them and make sure we should be trusting them
> 3) also spot changes more easily (since the existing corpus is available)
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ