Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 16 May 2017 20:28:30 +0200
From: Solar Designer <solar@...nwall.com>
To: Alistair Crooks <agc@...src.org>
Cc: oss-security@...ts.openwall.com
Subject: Re: NetBSD/pkgsrc membership on distros list

On Tue, May 16, 2017 at 11:12:28AM -0700, Alistair Crooks wrote:
> On 16 May 2017 at 10:21, Solar Designer <solar@...nwall.com> wrote:
> > Over the last few days, there have been repeated requests to get a
> > response specifically from NetBSD in a thread on the distros list.
> > There was no response.  Additionally, the reporter of a vulnerability
> > mentioned getting no response to their direct e-mail to your
> > security-officer address.
> 
> It hit my inbox when I'd just come back from 2 weeks vacation.
> 
> When it finally got my attention, the mail itself did little to make
> me think it was legit, since I saw an attachment and a subject line
> that was generic in the extreme. Mentally, I filed it as spam.
> Virtually, too.
> 
> I saw more traction on oss-security with the same subject, and

I think you mean on distros.

> realised (too late, I fear) that it wasn't yet another phishing
> attempt. I also heard from other channels that people were trying to
> contact me.
> 
> My fault. Sorry.
> 
> The security team at NetBSD have done an analysis, and have our own
> comments to make. I'll do that in due course.

OK.

For now, I'll resume NetBSD subscription with you as the only
representative, since we still haven't heard from the other two persons
who were subscribed for NetBSD (no need for them to post to oss-security
now, but at least they can reply on the distros thread if they read it,
or to me personally).  You were on vacation, but they could respond - in
fact, that's an often cited reason to have multiple people subscribed.

> I used to be on oss-security. Don't know what happened if I've been thrown off.

I'll e-mail you off-list to figure this out.

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.