Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Mar 2012 12:44:03 +0100
From: Thomas Klausner <>
Subject: Re: running the distros lists

Thanks for the clarifications, but this still leaves many questions open for me.

On Tue, Mar 13, 2012 at 06:53:04AM +0400, Solar Designer wrote:
> What I'd like to be happening is for some list member(s) (not too many
> of them) to be proposing a CRD for each reported issue on the day it is
> reported.  Then those member(s) need to stay on top of all open issues
> and ensure the CRDs are met (if necessary, adjusting the CRDs as long as
> the list's limit permits).  Quite often, this will involve negotiations
> with other list members, with the reporter, with upstream(s), and with
> various other parties (such as related projects and distros who are not
> on the list).  Yes, this does sound CERT'ish. ;-)

Does this person contact upstream(s)?
If not, who does?
Does this person contact downstreams?
Or are they assumed to read distros@?
What if an up- or downstream claims to need longer (confer a recent issue)?
When CRD happens, who publishes what where?
Or is it just a free-for-all afterwards?

Just off the top of my head :)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.