lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <202010070003.466BA35@keescook>
Date:   Wed, 7 Oct 2020 00:05:40 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Solar Designer <solar@...nwall.com>
Cc:     Jann Horn <jannh@...gle.com>, "Theodore Y. Ts'o" <tytso@....edu>,
        Kernel Hardening <kernel-hardening@...ts.openwall.com>,
        linux-hardening@...r.kernel.org
Subject: Re: Linux-specific kernel hardening

On Tue, Oct 06, 2020 at 04:21:27PM +0200, Solar Designer wrote:
> On Mon, Oct 05, 2020 at 03:39:26PM -0700, Kees Cook wrote:
> > On Tue, Oct 06, 2020 at 12:26:50AM +0200, Jann Horn wrote:
> > > On Mon, Oct 5, 2020 at 6:48 PM Solar Designer <solar@...nwall.com> wrote:
> > > > If 100% of the topics on linux-hardening are supposed to be a subset of
> > > > what was on kernel-hardening, I think it'd be OK for me to provide the
> > > > subscriber list to a vger admin, who would subscribe those people to
> > > > linux-hardening.
> > > 
> > > (if folks want to go that route, probably easier to subscribe the list
> > > linux-hardening@ itself to kernel-hardening@ instead of syncing
> > > subscriber lists?)
> > 
> > Yeah, that would make things a bit simpler. Solar, would you be willing
> > to do that? (Then I can tweak the wiki instructions a bit more.)
> 
> Sure, I can do that.  Should I?
> 
> Per http://vger.kernel.org/vger-lists.html#linux-hardening there are
> currently 39 subscribers on the new list.  I guess most of those are
> also on kernel-hardening, and would start receiving two copies of
> messages that are posted to kernel-hardening.  I guess they would then
> need to unsubscribe from kernel-hardening if they want to see the
> content of both lists, or to unsubscribe from linux-hardening if they
> changed their mind and only want the content of kernel-hardening.  I
> think this is still not too many people, so this is reasonable; if we
> were to do it later, we'd inconvenience more people.

Hm, I guess I was thinking about this only from the perspective of
Message-Id handling: the duplicates wouldn't be noticed -- but of course
I've been struggling with IMAP vs Gmail for so long I've almost
forgotten how actual email works. ;)

Yeah, the duplicate emails would be pretty bad. Let's not do this for
now, and if it becomes an actual issue we can change it then.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ