oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/

From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 25 Nov 2015 10:37:52 -0700
On Wed, Nov 25, 2015 at 10:07 AM, Hanno Böck <hanno () hboeck de> wrote:


On Tue, 24 Nov 2015 21:38:35 -0700
Kurt Seifried <kseifried () redhat com> wrote:


https://github.com/RedHatProductSecurity/Certificates-Shipped/

The idea is to create a comprehensive list of shipped certs/keys/etc
by open source vendors/distributions/projects so that:


That's good, but in this case why limit to open source vendors?



Because this is the Open Source Security mailing list, and I work for a
company (Red Hat) that does Open Source and because I have no interest in
the hassles of dealing with proprietary software (legal
threats/licensing/DMCA/etc.).

If you would like to work with proprietary vendors on such an effort I
welcome you to try, you can easily setup a project on GitHUB and move ahead
without any need to coordinate with the Open Source effort.




Actually the MS certs are probably the most interesting for
superfish/edell-like scenarios. And I see no reason why they shouldn't
be transparent.



Talk to Microsoft then, OSS-Security is not the forum for dealing with this
Microsoft related issue.




--
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42





-- 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com
Previous By Date Next
Previous By Thread Next

Current thread: