Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150513193240.GA19197@openwall.com>
Date: Wed, 13 May 2015 22:32:41 +0300
From: Solar Designer <solar@...nwall.com>
To: "Jason A. Donenfeld" <Jason@...c4.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: [PATCH 0/4] ozwpan: Four remote packet-of-death vulnerabilities

Hi Jason,

As mentioned on oss-security before, please don't ever cross-post
anything to oss-security and a high-volume list at once, especially not
to LKML or netdev.  Please make separate postings instead.  In this
case, it would have been appropriate for you to send the patches to
LKML, netdev, the relevant maintainers, etc. - and to post a summary to
oss-security listing the vulnerabilities and mentioning that fixes are
being discussed on LKML (ideally, you'd include links to LKML archives).
This is sub-optimal in terms of having the relevant detail right in
here, which is usually our preference, but cross-posting is just too
problematic (ends up in too much noise in here).

http://www.openwall.com/lists/oss-security/2015/01/21/3

Please help take these threads off oss-security now - but please do post
summaries to oss-security, such as when fixes get committed.

BTW, for patches that harden the Linux kernel rather than fix specific
vulnerabilities, we host a mailing list here that you may CC: it's
kernel-hardening.  Given its purpose and focus, it is in fact
appropriate (and even intended) to CC it on LKML postings.  For specific
vulnerability fixes, we host no such list here yet.  We may set one up,
or maybe the focus of kernel-hardening needs to be made broader.
I welcome opinions on this matter.

http://www.openwall.com/lists/kernel-hardening/

Thank you!

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.