Message-ID: <20030917124704.GE23154@netsys.com>
From: len at netsys.com (Len Rose)
Subject: Re: [RHSA-2003:279-01] Updated OpenSSH packages fix potential vulnerability
I disagree. We view this list as an information source, and we have
encouraged everyone to send notices like these to the list. If you don't
like it, please use a filter to nuke that entity's mail. Procmail is
your friend!
Rodrick Brown said:
> I tend to agree with the author the vendor spamming is getting ridiculous
> 90% of their users don't even read security lists, and it's very redundant
> and silly to have 6 to 10 vendors spam mailing lists with patches to a
> exploited application we have been discussing for months.
>
> I don't see why most moderators don't ban emails like this, if your users
> want to be notified of new patches they should join security@...dor.com
>
[snip]
Matt Collins said:
> I tend to agree - if you want redhat patches subscribe to their security
> mailing list. If redhat find a new bug, they of course
> should post it to bugtraq, full disclosure, or their communications medium
> of choice.
>
> It isn't particularly useful for a cross platform research/discussion list
> to be flooded with 7 software release announcements for the same bug,
> though. Even if there is an argument that a central clearing house for
> patch releases is a useful thing, splitting out 'initial notification'
> (this bug exists in funny_mail) from 'patch release' (vendors 1 2 3
> 4 ... 1000 have a patch for their packaged version of funny_mail!)
> makes both lists more readable and more useful.
[snip]
If anything could ever be considered a single source for security
information, we strive to be as close to reaching that (impossible) goal
as we can achieve.
If this means that we get security announcements from six vendors about
fixing the same thing we're very happy to see that information.
We like to think it's another data point that can be used when facing
daily security issues ranging from running a few systems at home to securing
a large organization. (one that just might have six different vendors'
Linux implemented)
In fact, any vendor not currently sending security information to this
list is encouraged and welcomed to do so.
Full Disclosure is not only a discussion list although that activity seems
to dominate at times. It's very much an announcement list for researchers
and vendors and we feel that functionality is invaluable to all.
Cheers,
Len