Date: Fri, 16 Mar 2012 15:54:22 +0000 From: "Adam D. Barratt" <adam@...m-barratt.org.uk> To: <oss-security@...ts.openwall.com> Cc: Kurt Seifried <kseifried@...hat.com>, Mark Stanislav <mark.stanislav@...il.com> Subject: Re: CVE Requests On 16.03.2012 10:26, Andreas Ericsson wrote: > Those mails are all exemplary requests for CVE id's, ofcourse, but > the > fact that they are all already fixed and released means that 100% of > the work is already done. At that point, assigning a CVE id is mostly > useless and is done as a "just for the record" thing. Whether you consider it useless or not, those are the CVE assignments that will happen on the list, aiui. http://oss-security.openwall.org/wiki/mailing-lists/oss-security specifically says: "Public security issues only please. What you say here is public for the world to see - keep that in mind. Embargoed information is best disclosed to vendor-sec" (which should be updated to point at somewhere that actually exists). Regards, Adam
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.