Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87d1s07qby.fsf@mid.deneb.enyo.de>
Date: Sat, 13 Feb 2016 13:22:09 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: oss-security@...ts.openwall.com
Subject: Re: Thoughts about security of Linux distributor collaboration platforms, bugtrackers for opensource software

* halfdog:

> Data communicated in the final 2 weeks is secured but I am worried
> about the 6 month centralized, structured and unencrypted
> communication before that, which might be not so hard to tap into.

We generally avoid sitting on vulnerabilities for extended periods.

I doubt many open-source communities would turn away contributors
based on their employment or nationality.  I would find that extremely
discriminatory.  If people are willing to help, you welcome them, and
eventually, this can lead to sharing sensitive security information
with them.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.