|
Message-ID: <Pine.GSO.4.51.0811111531300.6724@faron.mitre.org> Date: Tue, 11 Nov 2008 15:48:18 -0500 (EST) From: "Steven M. Christey" <coley@...us.mitre.org> To: Rémi Denis-Courmont <rem@...eolan.org> cc: "Steven M. Christey" <coley@...us.mitre.org>, Nico Golde <oss-security+ml@...lde.de>, oss-security@...ts.openwall.com, coley@...re.org Subject: Re: CVE id request: vlc On Tue, 11 Nov 2008, [UTF-8] Rémi Denis-Courmont wrote: > CVE.mitre.org says nothing about vendor obtaining a CVE number, only > researchers. And typically, these guys don't do it, when dealing with > videolan.org anyway. I'm sorry, I did not mean to sound critical of you or anybody on the oss-security mailing list. Many consumers probably don't care if bug 1 affects a slightly different set of versions than bug 2. It just happens to be something that's important for CVE, and (indirectly) people who rely on it. I was using the vlc case as an example of a general challenge that we're facing in CVE that's arisen as a result of the creation of the oss-security list, which I fully support. We certainly don't want to interfere with the way that open source developers handle security issues. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.