|
Message-ID: <1085482903.28233.1302551871147.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com> Date: Mon, 11 Apr 2011 15:57:51 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Closed list ----- Original Message ----- > > Postponed. I'd like to see any support for you getting onto the Linux > distros security contacts list, with reasoning, or/and any other > suggestions on what to do in this case. Josh - what do you think (as > someone who advocated the setup of a vendor-sec replacement)? > My initial thought is that a vendor without public advisories is a liability. I don't want to get into the politics of not publishing your advisories, but at the same time, public information such as this is all we have to measure if a vendor is using the information at hand. I'm happy to draw a line in the sand and make public advisories a mandatory requirement. If anyone disagrees, please speak up. This is my personal opinion, other viewpoints are welcome. Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.