Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2008 08:51:07 +0100
From: Martin Schulze <>
Subject: Re: "going public"

Sebastian Krahmer wrote:
> On Fri, 15 Feb 2008, Solar Designer wrote:
> Hi,
> Some questions came in mind:
> 1. Whos actually on the list?
> 2. Whats its exact purpose? Like vendor-sec? Discussing patches/exploits?

The purpose is to discuss cross-vendor (thus the name) issues.  This is
not limited to security problems, and indeed it was meant as an addition
to vendor-sec to be able to discuss other issues as well - such as license
problems with upstream cdrecord or lack of upstream maintenance of cron.
Things like that.

> 3. vendors are only willing to post private patches if its a closed list
>    and they know who is subscribed

As soon as vendors are releasing their product the patches cannot be
"private" anymore, GPL forbids this, and it's the most frequently used

> 4. If the purpose is clear it needs some announcement (to the dedicated 
>    folks) so that folks
>    know about it and it soon drives itself.

Several years ago Solar posted an announcement on vendor-sec.

> 5. We should avoid a vendor-sec clone, otherwise the competition will
>    destroy both lists.

It's purpose is not to discuss security issues but other issues.



Computers are not intelligent.  They only think they are.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.