lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: vogt at hansenet.com (vogt@...senet.com)
Subject: AW: Re: [RHSA-2003:279-01] Updated OpenSSH pack
	ages fix potential vulnerability

>  Various vendors posting to Bugtraq and FD are a good thing IMHO. It's
just
> like replies to a broadcast icmp echo request. Vendors that keep answering
> with reasonnable latency can be trusted. Vendors that only replies to
their
> private network can't be fully trusted by other people. Vendors that don't
> answer can't be trusted at all.

Yes, but maybe we could ask them to use some kind of agreed-upon tag in
the subject lines, so all of the "updated package" announcements can be
filtered into their own folder easily?

That way, we can all be happy.


Tom Vogt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ