Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 6 Apr 2011 17:53:50 -0400
From: Michael Gilbert <>
Subject: Re: Closed list

akuster wrote:

> On 04/06/2011 06:57 AM, Solar Designer wrote:
> > On Wed, Apr 06, 2011 at 06:26:01AM -1000, akuster wrote:
> >> Please subscribe me to the new list. I was a vendor-sec subscriber for
> >> MontaVista Software.
> >>
> >> pub  4096R/AEB9ED8D 2011-04-06 [expires: 2016-4-4]
> >> uid Armin Kuster <>
> >> Fingerprint D51D 9911 B1C7 F763 9F82 F19F 7F75 7295 AEB9 ED8D
> > 
> > Looks like you forgot to make this public key available.  Please provide
> > it to me and I'll subscribe you.
> I hit one server, guess I need to hit them all. Please try again with
> same key.
> > 
> > While we're at it, the MontaVista Software entry at:
> > 
> >
> > 
> > says: "The process for distribution of security advisories is currently
> > under discussion."  Perhaps this has already been discussed and decided
> > upon?  If so, please update the wiki page with specific link(s) to your
> > security advisories, updates, relevant mailing list archive - or
> > whatever you have.  
> Our advisories are via a paid subscription service so they are not public.
> Without this info, it is unclear whether you would
> > be making timely intended use of the advance notifications or not.
> Our customers require vulnerabilities to be addressed in a timely manner.
> will revisit the wiki issue soon.

I'm not if sure anything has come of this request, but I hope closed
vendors like this get rejected. Non-public advisories are anathema to
the open source philosophy.  You have to ask the question: what is the
point of their participation in an oss list if they don't intend to
disclose anything?

Best wishes,

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.