Date: Mon, 4 Apr 2011 01:33:01 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: Closed list Ben, On Sun, Apr 03, 2011 at 10:06:03PM +0100, Ben Laurie wrote: > OK, but ... I wasn't on vendor-sec, but (IMO) am at least as qualified > as most of the people who were. Now what? What do you propose? In what capacity do you feel you're qualified? Don't get me wrong, I have a lot of respect for you - in fact, in my sysadmin role, I am flattered that you'd want to be on a list I setup. I just think that you providing answers to the questions above will help the discussion. I don't know what your answers would be (I can try to guess, but I might be wrong). I do think that you might propose something we have not yet thought of. The vendor-sec membership requirement was just for the initial seed membership of the new list. Its purpose is to ensure we're not making things worse in terms of pre-CRD leaks, at least not right away. ;-) As you can see from another message I posted, I've only setup a Linux distros list for now, which lets us side-step the issue of comparing one security researcher vs. another for membership of that list. I'd be happy to setup a separate list with only security researchers on it, and we can ask folks to CC that list whenever a discussion on the Linux distros list is expected to significantly benefit from participation of the researchers. I'd be happy if you have a better proposal. Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.