Date: Wed, 25 Nov 2015 18:07:02 +0100 From: Hanno Böck <hanno@...eck.de> To: oss-security@...ts.openwall.com Subject: Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/ On Tue, 24 Nov 2015 21:38:35 -0700 Kurt Seifried <kseifried@...hat.com> wrote: > https://github.com/RedHatProductSecurity/Certificates-Shipped/ > > The idea is to create a comprehensive list of shipped certs/keys/etc > by open source vendors/distributions/projects so that: That's good, but in this case why limit to open source vendors? Actually the MS certs are probably the most interesting for superfish/edell-like scenarios. And I see no reason why they shouldn't be transparent. -- Hanno Böck http://hboeck.de/ mail/jabber: hanno@...eck.de GPG: BBB51E42 [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ