oss-sec mailing list archives
Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 15 Jun 2026 10:56:48 -0700
On 6/8/26 16:46, David A. Wheeler wrote:
All: I propose that we create a *separate* mailing list, say "oss-security-vulnerability-reports", for run-of-the-mill vulnerability reports about open source software (OSS). Run-of-the-mill reports would then go there and *not* to this mailing list "oss-security". This would leave *this* oss-security" mailing list for general discussions about the topic of OSS security, including discussions about specific publicly known vulnerabilities that are especially noteworthy in some way. Tools that want the full flood could monitor "oss-security-vulnerability-reports".
If it comes to the point we have to split the lists, I think it would be easier
to create a oss-security-discuss for the discussions than to get dozens of
projects to update their security advisory release process to send their
advisories to a new list, or to rely on the projects to determine which are
newsworthy enough to go to the main list vs. your proposed new
...-vulnerability-reports list.
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
Current thread:
- CVE-2026-29167: Apache HTTP Server: mod_ldap per-dir use-after-free Eric Covener (Jun 08)
- Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 09)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Solar Designer (Jun 13)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 14)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Stuart Henderson (Jun 15)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Sylvain Beucler (Jun 18)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Jeremy Stanley (Jun 18)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Sylvain Beucler (Jun 22)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Jeremy Stanley (Jun 22)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Solar Designer (Jun 13)
- Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 09)
