oss-sec mailing list archives
Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)
From: Prentice Bisbal <prentice () ucar edu>
Date: Tue, 16 Jun 2026 10:28:18 -0400
On 6/15/26 1:56 PM, Alan Coopersmith wrote:
On 6/8/26 16:46, David A. Wheeler wrote:All: I propose that we create a *separate* mailing list, say"oss-security-vulnerability-reports", for run-of-the-mill vulnerability reports about open source software (OSS). Run-of-the-mill reports would then go there and *not* to this mailing list "oss-security". This would leave *this* oss-security" mailing list for general discussions about the topic of OSS security, including discussions about specific publicly known vulnerabilities that are especially noteworthy in some way. Tools that want the full flood could monitor "oss-security-vulnerability-reports".If it comes to the point we have to split the lists, I think it would be easier to create a oss-security-discuss for the discussions than to get dozens ofprojects to update their security advisory release process to send theiradvisories to a new list, or to rely on the projects to determine which arenewsworthy enough to go to the main list vs. your proposed new...-vulnerability-reports list.
I second this.
Current thread:
- CVE-2026-29167: Apache HTTP Server: mod_ldap per-dir use-after-free Eric Covener (Jun 08)
- Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 09)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Solar Designer (Jun 13)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 14)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Stuart Henderson (Jun 15)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Alan Coopersmith (Jun 15)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Prentice Bisbal (Jun 16)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) 3v (Jun 16)
- Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) Solar Designer (Jun 13)
- Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse) David A. Wheeler (Jun 09)