Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALPTtNUugyG4V3nF4vRjLRtqJfFp2kYR_LM-J5V2Z8gGEypCMg@mail.gmail.com>
Date: Wed, 25 Nov 2015 07:54:08 -0800
From: Reed Loden <reed@...dloden.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/

Great idea, Kurt.

Is this related to this recent CERT/CC advisory?

http://www.kb.cert.org/vuls/id/566724
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

On Tuesday, November 24, 2015, Kurt Seifried <kseifried@...hat.com> wrote:

> https://github.com/RedHatProductSecurity/Certificates-Shipped/
>
> The idea is to create a comprehensive list of shipped certs/keys/etc by
> open source vendors/distributions/projects so that:
>
> 1) we have a list of secrets maintained by external parties that we rely
> upon
> 2) we can audit them and make sure we should be trusting them
> 3) also spot changes more easily (since the existing corpus is available)
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.