Date: Wed, 25 Nov 2015 07:54:08 -0800
From: Reed Loden <reed@...dloden.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/

Great idea, Kurt.

Is this related to this recent CERT/CC advisory?

http://www.kb.cert.org/vuls/id/566724
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

On Tuesday, November 24, 2015, Kurt Seifried <kseifried@...hat.com> wrote:

> https://github.com/RedHatProductSecurity/Certificates-Shipped/
>
> The idea is to create a comprehensive list of shipped certs/keys/etc by
> open source vendors/distributions/projects so that:
>
> 1) we have a list of secrets maintained by external parties that we rely
> upon
> 2) we can audit them and make sure we should be trusting them
> 3) also spot changes more easily (since the existing corpus is available)