oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vendor-sec hosting and future of closed lists

From: "Mike O'Connor" <mjo () dojo mi org>
Date: Mon, 14 Mar 2011 23:01:24 -0400
[catching up on older emails]

:> > They do this already today, that's what security () kernel org is for, and
:> > it gets a bit of traffic like this every week.
:> 
:> Is this list open to the public?  It doesn't seem to be available on
:> http://vger.kernel.org/vger-lists.html.
:
:No, it is closed, as it should be as potential security problems are
:mailed there.  You don't want that to be totally open, right?

One suggestion I've made in the past is to have the list _archives_ be
open.  So anything older than, say, a month is made public.  That way,
folks can see how issues were disclosed, how decisions were reached,
etc.  for old issues that are no longer under embargo.  The way I see
it, if we don't publish the list archive on our own terms, miscreants
will get around to publishing it for us.  

-- 
 Michael J. O'Connor                                          mjo () dojo mi org
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"Why make trillions when we could make... billions?"                -Dr. Evil
Previous By Date Next
Previous By Thread Next

Current thread: