Date: Mon, 14 Apr 2008 19:48:26 +0400
From: Solar Designer <>
Subject: Re: "going public"


I am sorry that I failed to find time to work on revitalizing the
xvendor list in February and March, beyond making the archive public on
the web and placing a news item on the Openwall website (which I did).

Instead, I dedicated whatever little "free" time I had for this towards
getting oss-security off the ground.

On Mon, Feb 18, 2008 at 08:32:49AM +0100, Sebastian Krahmer wrote:
> Some questions came to mind:

Joey and Vincent have already provided good answers (thank you!), but
I'll add some:

> 1. Who's actually on the list?

There are currently 40 subscribers, not counting robot addresses for the
list archives (local, Gmane, MARC).  Most of these people may represent
various Linux distribution vendors (10+ of them, including several major
ones), but some may also represent other projects and companies (both
Open Source and not).  I'm not sure if it's appropriate to make the list
of potentially represented projects and companies public, because people
were not granting the list admins that right as they were joining.

Let me use this opportunity to ask - does anyone (of the current list
members) have any objections regarding me publicly mentioning their
project or company (as derived from the domain name) as being
"potentially represented" on this mailing list?  If so, please let me
know (private e-mail works fine).

Also, anyone (who's currently on the list) can feel free to let me know
the specific project and company name(s) that they represent, along with
authorization to mention those next time this is brought up on the list.

> 2. What's its exact purpose? Like vendor-sec? Discussing patches/exploits?

No.  Here's my original description of this list:

I think it still applies, except that now that we also have oss-security,
most security topics should be brought up in there instead.

So, at this time, xvendor is for discussing non-security cross-vendor
issues.  Some example topics can be seen in my original list description
(seen at the URL above), as well as in recent postings by Joey and

As you know, the traffic has been extremely low so far.  I expect that
it will remain fairly low even when this list is properly functioning.
Quite often, a single message will suffice to make other vendors aware
of a change (e.g., new upstream maintainer of a package), an issue,
and/or a solution (e.g., the procmail mbox truncation bug & patch or the
glibc CLK_TCK issue and recommended solution that I had posted).  We
might also have discussions in here once in a while, e.g. on licensing
or interoperability issues.

> 3. Vendors are only willing to post private patches if it's a closed list
>    and they know who is subscribed

I don't think we want to see any "private patches" in here.  This list
is all about sharing - between vendors and with the world at large.

> 4. If the purpose is clear it needs some announcement (to the dedicated 
>    folks) so that folks know about it and it soon drives itself.

I agree.  Do you (or anyone) have suggestions on where to announce this
list such that we attract the right folks?  Indeed, I do have some
thoughts of my own, but I am sure that other list members can contribute
theirs as well.

> 5. We should avoid a vendor-sec clone, otherwise the competition will
>    destroy both lists.

To me, xvendor is not even similar to vendor-sec in terms of appropriate
topics - I see no intersection.  Indeed, many folks will be on both
lists, as well as on oss-security, but that's just right.  It's the
topics that will differ.


