Date: Mon, 18 Feb 2008 08:51:07 +0100 From: Martin Schulze <joey@...odrom.org> To: xvendor@...ts.openwall.com Subject: Re: "going public" Sebastian Krahmer wrote: > On Fri, 15 Feb 2008, Solar Designer wrote: > > Hi, > > Some questions came in mind: > > 1. Whos actually on the list? > 2. Whats its exact purpose? Like vendor-sec? Discussing patches/exploits? The purpose is to discuss cross-vendor (thus the name) issues. This is not limited to security problems, and indeed it was meant as an addition to vendor-sec to be able to discuss other issues as well - such as license problems with upstream cdrecord or lack of upstream maintenance of cron. Things like that. > 3. vendors are only willing to post private patches if its a closed list > and they know who is subscribed As soon as vendors are releasing their product the patches cannot be "private" anymore, GPL forbids this, and it's the most frequently used license. > 4. If the purpose is clear it needs some announcement (to the dedicated > folks) so that folks > know about it and it soon drives itself. Several years ago Solar posted an announcement on vendor-sec. > 5. We should avoid a vendor-sec clone, otherwise the competition will > destroy both lists. It's purpose is not to discuss security issues but other issues. Regards, Joey -- Computers are not intelligent. They only think they are.
Powered by blists - more mailing lists
Please check out the xvendor mailing list charter.