Date: Mon, 22 May 2017 19:17:02 -0700 From: Kurt H Maier <khm@...ops.net> To: oss-security@...ts.openwall.com Subject: Re: How to request a CVE for open source projects On Mon, May 22, 2017 at 08:04:41PM -0600, Kurt Seifried wrote: > > I disagree. If not assigning CVE's on the list kills this list, then... > wow. Good to know I personally kept this list up and running for a few > years. Nobody said that, and I haven't said anything that wasn't said when this change was first dropped on us. The difference you're talking around is that vulnerabilities used to appear on this list of necessity, and now we either have to hope reporters cross-post or else monitor some number of different databases and post everything ourselves. If you'll recall, this is why it was suggested that non-embargoed webforum submissions automatically post here. But it's clear nobody was interested in making that happen, and now we get a pile of infrastructure instead. Que sera sera, but I stand by the opinion that the new processes have lost something along the way. > Which README specifically (there's a bunch), feel free to reply offlist. I've submitted a pull request, since that seems to be the primary form of human communication now. khm
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ