Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 May 2015 22:32:41 +0300
From: Solar Designer <>
To: "Jason A. Donenfeld" <>
Subject: Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities

Hi Jason,

As mentioned on oss-security before, please don't ever cross-post
anything to oss-security and a high-volume list at once, especially not
to LKML or netdev.  Please make separate postings instead.  In this
case, it would have been appropriate for you to send the patches to
LKML, netdev, the relevant maintainers, etc. - and to post a summary to
oss-security listing the vulnerabilities and mentioning that fixes are
being discussed on LKML (ideally, you'd include links to LKML archives).
This is sub-optimal in terms of having the relevant detail right in
here, which is usually our preference, but cross-posting is just too
problematic (ends up in too much noise in here).

Please help take these threads off oss-security now - but please do post
summaries to oss-security, such as when fixes get committed.

BTW, for patches that harden the Linux kernel rather than fix specific
vulnerabilities, we host a mailing list here that you may CC: it's
kernel-hardening.  Given its purpose and focus, it is in fact
appropriate (and even intended) to CC it on LKML postings.  For specific
vulnerability fixes, we host no such list here yet.  We may set one up,
or maybe the focus of kernel-hardening needs to be made broader.
I welcome opinions on this matter.

Thank you!


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.