Date: Thu, 21 Jul 2011 22:25:18 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: *BSD security contacts On Thu, Jul 21, 2011 at 10:25:07AM -0500, Tim Zingelman wrote: > On Tue, Jul 19, 2011 at 9:55 AM, Solar Designer <solar@...nwall.com> wrote: > > On Tue, Jul 19, 2011 at 09:28:51AM -0500, Tim Zingelman wrote: > >> p.s. I at least would be very much in support of a bsd distro's > >> restricted security mailing list if you were to create one. > > > > Sounds good. Is anyone else interested in that as well? Also, not > > being involved with a *BSD, perhaps I should not be on that list, but > > this brings up the issue of resolving administrative issues (e.g., not > > being on the list I would not notice spam getting through to it). > > I'm afraid I don't know about interest. I had hoped others would have > jumped in earlier... but they have not... Somehow there are few *BSD security folks on oss-security. In fact, this was one of the things I considered when I decided to start with a Linux-only closed list. > In the end did the opensolaris based distributions get into the closed > linux list? No, and they didn't ask for it. I don't think they're on oss-security either - I guess they're just not interested. However, as you have seen from discussions on oss-security, the Oracle person who formally joined for Oracle Linux is actually a Solaris person. I find this weird. > If not, I wonder if a list for everyone who > repackages/distributes free/open source software (other than linux > distro's) would make more sense than a BSD specific one? Maybe, but I would like to see which projects/distros are actually interested in being on such a list _and_ are on oss-security. The latter requirement is needed because it does not make much sense to receive notifications of embargoed issues, yet miss notifications of issues being made public without embargo. > As far as you being on the list... I at least have no problem with it. > In fact I would be surprised to find much if anything on such a list > that was not also on the linux list. > (My personal preference would be to have the BSD folks on the linux > list and trust us to just ignore the kernel issues that are not > relevant to us :) Thank you for mentioning your preference - this is important info for me. The effectively Linux-specific issues sometimes brought up on the list are not limited to the kernel, though. On the other hand, in those cases when someone brings up an issue that is not Linux-specific, the reporter is not always willing to spend time to notify the *BSD's even when asked to and pointed at the wiki page with contacts. Having a bsd-distros list that we could simply CC would be helpful in such occasions. But setting one up and subscribing *BSD security contacts who expressed no interest in this kind of setup (except for you) is weird. > Thanks for all your work to provide good communication options! You're welcome. Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.