oss-sec mailing list archives

Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Mon, 15 Jun 2026 10:56:48 -0700

On 6/8/26 16:46, David A. Wheeler wrote:
All: I propose that we create a *separate* mailing list, say
"oss-security-vulnerability-reports", for run-of-the-mill vulnerability reports
about open source software (OSS). Run-of-the-mill reports would then go there
and *not* to this mailing list "oss-security". This would leave *this* oss-security" mailing list
for general discussions about the topic of OSS security, including discussions about
specific publicly known vulnerabilities that are especially noteworthy in some way.
Tools that want the full flood could monitor "oss-security-vulnerability-reports".

If it comes to the point we have to split the lists, I think it would be easier
to create a oss-security-discuss for the discussions than to get dozens of
projects to update their security advisory release process to send their
advisories to a new list, or to rely on the projects to determine which are
newsworthy enough to go to the main list vs. your proposed new
...-vulnerability-reports list.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris


Current thread: