Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Feb 2017 15:03:24 +0100
From: Raphael Geissert <>
To: Open Source Security <>
Subject: Re: MITRE is adding data intake to its CVE ID process


On 12 February 2017 at 00:35, Solar Designer <> wrote:
> On Fri, Feb 10, 2017 at 10:59:27PM -0500, wrote:
>> C5. I want MITRE to send the form data, and
>> the CVE ID, to the oss-security list at the same time that these are
>> sent to the requester.
>> R5. We have had internal discussions within MITRE about this. We are
>> able to implement this easily if the community requires this approach.
>> At the moment, we are expecting the requester to resend this
>> information to oss-security once they accept their CVE ID assignment.
> MITRE - can you please implement that, and we'll see how it goes and
> whether we need it adjusted or possibly discontinued if things go wrong
> or if there's opposition (so far, there's almost none)?
>> Please see
>> for an example.
> This is also an example of how the change breaks threading.  First,
> there was a thread about the issue on the list.  Then there was CVE
> request and assignment off-list.  And then there's this new thread on
> the CVE assignment.

If this was to be implemented, the submitter could also just include
the message-id of the related oss-sec post.
The mail by MITRE could then set a In-Reply-To accordingly to avoid
thread breaking.

Raphael Geissert - Debian Developer -

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ