Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110403213301.GA9234@openwall.com>
Date: Mon, 4 Apr 2011 01:33:01 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: Closed list

Ben,

On Sun, Apr 03, 2011 at 10:06:03PM +0100, Ben Laurie wrote:
> OK, but ... I wasn't on vendor-sec, but (IMO) am at least as qualified
> as most of the people who were. Now what?

What do you propose?

In what capacity do you feel you're qualified?

Don't get me wrong, I have a lot of respect for you - in fact, in my
sysadmin role, I am flattered that you'd want to be on a list I setup.
I just think that you providing answers to the questions above will help
the discussion.  I don't know what your answers would be (I can try to
guess, but I might be wrong).  I do think that you might propose
something we have not yet thought of.

The vendor-sec membership requirement was just for the initial seed
membership of the new list.  Its purpose is to ensure we're not making
things worse in terms of pre-CRD leaks, at least not right away. ;-)

As you can see from another message I posted, I've only setup a
Linux distros list for now, which lets us side-step the issue of
comparing one security researcher vs. another for membership of that
list.  I'd be happy to setup a separate list with only security
researchers on it, and we can ask folks to CC that list whenever a
discussion on the Linux distros list is expected to significantly
benefit from participation of the researchers.

I'd be happy if you have a better proposal.

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.