Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 17 Apr 2008 05:32:28 +0400
From: Solar Designer <>
Subject: [openwall-announce] community resources: oss-security, oCERT, xvendor


As many of you should have noticed, I haven't been sending these
announcements out for a while, although news items were being added on
the front page.  My excuse is that I was waiting
for some major news to announce, and I wanted to mention the minor news
items at the same time.  Well, now I have too many things to announce,
so I'll group them by topic.  This message is about new community
resources and community activities.

1. We've setup a new web page on Openwall user communities, hosted
community resources, and community involvement and activities:

This web page includes pointers to the resources described below.

2. We're hosting the Open Source software security (oss-security) wiki,
as well as the oss-security mailing list.  These are a product of
cooperation amongst various Open Source software vendors, projects, and
security researchers.  The purpose of the oss-security group is to
encourage public discussion of security flaws, concepts, and practices
in the Open Source community.

The wiki, which includes information on joining the mailing list:

I'd like to thank (GalaxyMaster) for setting up and administering the
wiki, and many others (20+ authors) for their work on the content.

The list archive (292 messages so far, since mid-February) is also
available on the web:

3. We have joined the oCERT project (the Open Source Computer Emergency
Response Team), in two ways: I serve on the advisory board of oCERT,
and Openwall is a registered public member of oCERT such that we can be
sure to receive notification of vulnerabilities pertaining to our
software (and, far more likely, to third-party software that we
redistribute as a part of Openwall GNU/*/Linux) that will be handled via
oCERT.  Other Open Source projects are welcome to register with oCERT,
too.  (We're also a member of oss-security and vendor-sec, and are
registered with the CERT/CC.)  The website for oCERT is:

4. We've made the xvendor mailing list, which existed since 2002, public.
The purpose of the xvendor group is collaboration and information
exchange between OS distribution vendors (mostly Linux) on non-security
topics.  However, we have just learned that a similar list was started
at recently:

This means that the status of xvendor is currently unclear:

Yet I've decided to keep xvendor around, and even to mention it in this
announcement, while we figure out whether and how xvendor can co-exist
with the "distributions" list.  More information on xvendor (list
charter and how to join) can be found here:

The archive is available here:

5. I have participated in an IBM-organized Global Innovation Outlook
(GIO) "deep dive" on Security and Society (a day long brainstorming
session, with only short coffee breaks and a lunch break).  This dive
was held on April 10 (with a welcome dinner the day before) in a fine
5-star hotel in the heart of Moscow.  Five more dives on the topic are
to follow in other cities around the world, then IBM is to publish a
report.  Meanwhile, you can find detailed reports on past GIO topics on
the IBM website section dedicated to the GIO initiative:

as well as read and comment on the GIO blog:

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.