[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2008 10:23:03 +0100 (CET)
From: Sebastian Krahmer <krahmer@...e.de>
To: xvendor@...ts.openwall.com
Subject: Re: "going public"
On Mon, 18 Feb 2008, Martin Schulze wrote:
>
> The purpose is to discuss cross-vendor (thus the name) issues. This is
> not limited to security problems, and indeed it was meant as an addition
> to vendor-sec to be able to discuss other issues as well - such as license
> problems with upstream cdrecord or lack of upstream maintenance of cron.
> Things like that.
>
> > 3. vendors are only willing to post private patches if its a closed list
> > and they know who is subscribed
>
> As soon as vendors are releasing their product the patches cannot be
> "private" anymore, GPL forbids this, and it's the most frequently used
> license.
They are private until CRD. And thats the point. That xvendor
can become something like a 2nd level cache of vendor-sec.
>
> > 4. If the purpose is clear it needs some announcement (to the dedicated
> > folks) so that folks
> > know about it and it soon drives itself.
>
> Several years ago Solar posted an announcement on vendor-sec.
>
This does not suffice to make it an accepted list.
I guess not much people remember this.
l8er,
S.
--
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the
xvendor mailing list charter.
