Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 4 Apr 2011 01:33:01 +0400
From: Solar Designer <>
Subject: Re: Closed list


On Sun, Apr 03, 2011 at 10:06:03PM +0100, Ben Laurie wrote:
> OK, but ... I wasn't on vendor-sec, but (IMO) am at least as qualified
> as most of the people who were. Now what?

What do you propose?

In what capacity do you feel you're qualified?

Don't get me wrong, I have a lot of respect for you - in fact, in my
sysadmin role, I am flattered that you'd want to be on a list I setup.
I just think that you providing answers to the questions above will help
the discussion.  I don't know what your answers would be (I can try to
guess, but I might be wrong).  I do think that you might propose
something we have not yet thought of.

The vendor-sec membership requirement was just for the initial seed
membership of the new list.  Its purpose is to ensure we're not making
things worse in terms of pre-CRD leaks, at least not right away. ;-)

As you can see from another message I posted, I've only setup a
Linux distros list for now, which lets us side-step the issue of
comparing one security researcher vs. another for membership of that
list.  I'd be happy to setup a separate list with only security
researchers on it, and we can ask folks to CC that list whenever a
discussion on the Linux distros list is expected to significantly
benefit from participation of the researchers.

I'd be happy if you have a better proposal.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.