Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Mon, 18 Feb 2008 08:51:07 +0100
From: Martin Schulze <joey@...odrom.org>
To: xvendor@...ts.openwall.com
Subject: Re: "going public"

Sebastian Krahmer wrote:
> On Fri, 15 Feb 2008, Solar Designer wrote:
> 
> Hi,
> 
> Some questions came in mind:
> 
> 1. Whos actually on the list?
> 2. Whats its exact purpose? Like vendor-sec? Discussing patches/exploits?

The purpose is to discuss cross-vendor (thus the name) issues.  This is
not limited to security problems, and indeed it was meant as an addition
to vendor-sec to be able to discuss other issues as well - such as license
problems with upstream cdrecord or lack of upstream maintenance of cron.
Things like that.

> 3. vendors are only willing to post private patches if its a closed list
>    and they know who is subscribed

As soon as vendors are releasing their product the patches cannot be
"private" anymore, GPL forbids this, and it's the most frequently used
license.

> 4. If the purpose is clear it needs some announcement (to the dedicated 
>    folks) so that folks
>    know about it and it soon drives itself.

Several years ago Solar posted an announcement on vendor-sec.

> 5. We should avoid a vendor-sec clone, otherwise the competition will
>    destroy both lists.

It's purpose is not to discuss security issues but other issues.

Regards,

	Joey

-- 
Computers are not intelligent.  They only think they are.

Please check out the xvendor mailing list charter.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux