Re: Vendor-sec hosting and future of closed lists

[Michael Gilbert <michael.s.gilbert () gmail com>]

On Thu, 3 Mar 2011 16:41:07 -0800 Greg KH wrote:
> On Thu, Mar 03, 2011 at 07:26:21PM -0500, Dan Rosenberg wrote:
> > Of course failing to anticipate security impact is bound to happen in
> > the kernel; it frequently happens in userland too, and is unavoidable.
> >  That doesn't mean we can't try, and it doesn't mean we should be
> > overly paranoid and have security folks manually audit every patch.
> > Currently, maintainers and bug reporters are expected to ask
> > themselves a simple question when deciding whether or not to CC
> > stable: "does this fix a bug or security issue, or is it a new
> > feature?".  Similarly, I don't think it's too much to ask for people
> > to consider the question of "does this bug it allow an unprivileged
> > user to crash the system, gain additional access, or otherwise cross
> > privilege boundaries?"  And if the answer is "I don't know, maybe?",
> > then they should CC this list to be safe.  I think this would result
> > in not nearly as much volume as you're anticipating.
>
> They do this already today, that's what security () kernel org is for, and
> it gets a bit of traffic like this every week.

Is this list open to the public?  It doesn't seem to be available on
http://vger.kernel.org/vger-lists.html.

Best wishes,
Mike