Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 14 Sep 2023 17:14:03 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: illumos (or at least danmcd) membership in the distros list

On Thu, Sep 14, 2023 at 10:42:19AM -0400, Demi Marie Obenour wrote:
> On Wed, Sep 13, 2023 at 08:21:22PM +0000, Dan McDonald wrote:
> > For now, I would like to add myself:  danmcd@....io.
> 
> Would security@...umos.org be a better choice?

No.  One of the differences of (linux-)distros from its predecessor
vendor-sec is that we don't subscribe any exploder addresses - we only
subscribe individuals.  Some distro security teams can be rather large,
with not everyone in there needing direct (linux-)distros subscription.
Also, by far not every issue is relevant to every distro.  So the
distro's individual representatives on (linux-)distros are supposed to
share only relevant information with others on their teams.

That said, the membership is for the distro, not for the individuals.
The Subject line here is confused about that.  The difference is in what
uses of information are allowed (only for the distro's security) and in
conditions for staying subscribed (only while requested by the distro's
leadership and only as needed for the distro's security).

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.