Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 5 Apr 2011 03:27:56 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Closed list

Jeffrey,

On Mon, Apr 04, 2011 at 01:03:31PM -0700, Jeffrey Czerniak wrote:
> I'm Jeffrey Czerniak, a member of Apple's Product Security team.  I was a member of vendor-sec via the Apple exploder.   Please subscribe me to the new list.
> 
> My PGP public key can be found at https://www.apple.com/support/security/pgp/   I have also pasted it below for convenience:

Thanks, and sorry for the confusion caused by my last minute
determination to start with a Linux distros list only.

Obviously, I won't add Apple to a Linux distro security contacts list
(well, unless you start a Linux distro).

Yet I recognize that Apple has been contributing to vendor-sec, so I'd
be happy to add you to a suitable list if one is setup.  Perhaps a BSD
distros list, which would generally be CC'ed on issues that are expected
to be shared between Linux and *BSD userlands and thus likely also with
Mac OS X?  Do you and other vendors feel that such a list is needed?

So far, yours is the only non-Linux vendor request.  For just one
vendor, we can be CC'ing you whenever appropriate, with no list needed.

One of my reasons to go with a Linux-only list for now was that during
the month without vendor-sec only Linux distro folks approached me
asking for the setup of such a list.  Others did not appear to need it.
The attitude from security researchers and non-Linux projects appeared
to be like "we don't need this list, but if one exists, we want to be on
it".  This made some sense to me, but not enough to setup a list shared
by both those who say they need it (Linux distros) and those who want to
be on it just not to be left out.

I'd appreciate any proposals from prospective non-Linux-distro members
of private list(s) to be setup (if any are needed).

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.