Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 3 Apr 2011 19:32:52 -0400
From: Dan Rosenberg <dan.j.rosenberg@...il.com>
To: oss-security@...ts.openwall.com
Cc: Benji <me@...ji.com>
Subject: Re: Closed list

On Sun, Apr 3, 2011 at 6:58 PM, Benji <me@...ji.com> wrote:
> This is pathetic. You've all just made your personal and 'work' email
> addresses targets by having a ridiculous public 'signup' system, and
> the fact you all feel the need to hide behind some sort of veil for
> security issues.
>
>

Do you really think anyone is gaining new information by discovering
that, say, a member of the security team for a major distro will be on
this mailing list?  Such information seems pretty obvious to me.

I think this thread is useful in the interest of transparency, which
was sorely lacking with the previous incarnation of vendor-sec.  And
with regards to enforcing embargoes for security issues, I'd think you
would have better people to complain to a security community that
tends to only enforce embargoes for days or occasionally weeks, and
only for more serious issues, as opposed to the months or years that
issues may go unfixed in the commercial software world.  While
delaying security fixes unnecessarily is harmful to users,
coordinating fixing over a short timeframe such that major
distributions can release updates simultaneously seems like common
sense, not "hiding being some sort of veil".

-Dan

>
> On 4/3/11, Solar Designer <solar@...nwall.com> wrote:
>> Mike,
>>
>> On Fri, Apr 01, 2011 at 06:58:52PM -0400, Mike O'Connor wrote:
>>> pub    512R/205BBF7D 2001-12-30
>>>       Key fingerprint = 8F 85 89 E1 A2 FC EB D2  27 49 56 1E CC DF C9
>>>       C1
>>> uid                  Michael J. O'Connor <mjo@...o.mi.org>
>>
>> I've subscribed you with this key for now, but you really ought to
>> upgrade to a larger key, and I'd appreciate a statement on what Linux
>> distro you represent on the new list.
>>
>> All: my decision is based on some info known to me, but I'd prefer to
>> base it on Mike's posting to oss-security.  I am saying this to explain
>> that there's a reason why I subscribed Mike, whereas I would not
>> subscribe another "random" person posting the same kind of message from
>> a personal address. ;-)
>>
>> Alexander
>>
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.