Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 1 Jun 2017 18:26:29 +0000
From: "Liguori, Anthony" <aliguori@...zon.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: unresponsive distros

To be a bit more transparent.  The ideal thing for us would be to use a non-personally owned key for decryption so we could automate ingestion.  Encryption is fine but I will not tie my personal key into Amazon infrastructure.

Normally what we do with disclosure lists is have automation that pages people on every message.  As an example, I get paged for every email sent to the Xen disclosure list.

Regards,

Anthony Liguori

________________________________________
From: Liguori, Anthony
Sent: Thursday, June 1, 2017 11:23 AM
To: oss-security@...ts.openwall.com
Subject: Re: [oss-security] unresponsive distros

Hi Solar,

The encrypted thread is a single thread with a high volume of messages.  The later part of the thread loses the context of you explicitly asking for a response.

Coupled with the holiday weekend, that meant when I read through the thread I read too quickly and missed your explicit request.

Had you changed the subject of the thread for the request, it would have been noticed immediately but I don't mean to point too many fingers here.

Regards,

Anthony Liguori
________________________________________
From: Solar Designer <solar@...nwall.com>
Sent: Thursday, June 1, 2017 11:19 AM
To: oss-security@...ts.openwall.com
Subject: Re: [oss-security] unresponsive distros

Anthony,

On Thu, Jun 01, 2017 at 06:03:59PM +0000, Liguori, Anthony wrote:
> Hrm, I've been following the thread but apparently missed your request Solar.

Wow, that was quick.  I don't see how you could have been following the
thread, including in the period since May 27, and miss the request,
since most other distros replied to that very same thread.  With the
replies quoting parts of my request, it was many messages.  I mentioned
the 3 non-responsive distros by name in two messages - yesterday and
today (a few hours before bringing this to oss-security).

What was it about the oss-security posting that made you notice it,
unlike the many messages on the distros list?

Is it the encryption that causes you not to read some messages, or to
postpone doing so (for days)?

With such selective reading, you'd also miss some new issues that are
being brought up as part of this same thread.  The Subject stays since
it's unencrypted, but discussion deviates and expands to new topics.

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.