oss-sec mailing list archives

Re: Proposal: Add separate oss-security-vulnerability-reports mailing list (for AI vulnpocalypse)


From: "David A. Wheeler" <dwheeler () dwheeler com>
Date: Wed, 17 Jun 2026 10:11:43 -0400



On Jun 15, 2026, at 1:56 PM, Alan Coopersmith <alan.coopersmith () oracle com> wrote:

On 6/8/26 16:46, David A. Wheeler wrote:
All: I propose that we create a *separate* mailing list...

If it comes to the point we have to split the lists, I think it would be easier
to create a oss-security-discuss for the discussions than to get dozens of
projects to update their security advisory release process to send their
advisories to a new list

That sounds good to me. "Have to" will be in the eye of the beholder.
It appears we have about ~400-500 messages/month. I hope people will be
willing to create a new list if we reach 5x or 10x as many per month.

Frankly, I'd love to see the split anyway. Those who want to see both could
subscribe to both.

--- David A. Wheeler


Current thread: