Date: Mon, 18 Feb 2008 10:23:03 +0100 (CET) From: Sebastian Krahmer <krahmer@...e.de> To: xvendor@...ts.openwall.com Subject: Re: "going public" On Mon, 18 Feb 2008, Martin Schulze wrote: > > The purpose is to discuss cross-vendor (thus the name) issues. This is > not limited to security problems, and indeed it was meant as an addition > to vendor-sec to be able to discuss other issues as well - such as license > problems with upstream cdrecord or lack of upstream maintenance of cron. > Things like that. > > > 3. vendors are only willing to post private patches if its a closed list > > and they know who is subscribed > > As soon as vendors are releasing their product the patches cannot be > "private" anymore, GPL forbids this, and it's the most frequently used > license. They are private until CRD. And thats the point. That xvendor can become something like a 2nd level cache of vendor-sec. > > > 4. If the purpose is clear it needs some announcement (to the dedicated > > folks) so that folks > > know about it and it soon drives itself. > > Several years ago Solar posted an announcement on vendor-sec. > This does not suffice to make it an accepted list. I guess not much people remember this. l8er, S. -- ~ ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@...e.de - SuSE Security Team ~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the xvendor mailing list charter.