Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Feb 2008 10:23:03 +0100 (CET)
From: Sebastian Krahmer <>
Subject: Re: "going public"

On Mon, 18 Feb 2008, Martin Schulze wrote:

> The purpose is to discuss cross-vendor (thus the name) issues.  This is
> not limited to security problems, and indeed it was meant as an addition
> to vendor-sec to be able to discuss other issues as well - such as license
> problems with upstream cdrecord or lack of upstream maintenance of cron.
> Things like that.
> > 3. vendors are only willing to post private patches if its a closed list
> >    and they know who is subscribed
> As soon as vendors are releasing their product the patches cannot be
> "private" anymore, GPL forbids this, and it's the most frequently used
> license.
They are private until CRD. And thats the point. That xvendor
can become something like a 2nd level cache of vendor-sec.

> > 4. If the purpose is clear it needs some announcement (to the dedicated 
> >    folks) so that folks
> >    know about it and it soon drives itself.
> Several years ago Solar posted an announcement on vendor-sec.
This does not suffice to make it an accepted list.
I guess not much people remember this.


~ perl
~ $_='print"\$_=\47$_\47;eval"';eval
~ - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the xvendor mailing list charter.