Message-ID: <647ec3a7-f2f0-b090-007a-65286b815fa0@gentoo.org>
Date: Sun, 2 Jul 2017 22:38:29 +0200
From: Kristian Fiskerstrand <k_f@...too.org>
To: oss-security@...ts.openwall.com, Anthony Liguori <anthony@...emonkey.ws>
Subject: Re: accepting new members to (linux-)distros lists

On 07/02/2017 10:20 PM, Anthony Liguori wrote:
> I've been thinking about this list of items and also some of the
> challenges of Stack Clash.  Something that frequently came up was
> uncertainty about what the current set of patches were and there was
> also lack of clarity on dates.

...
> 
> What do you think about having a public bugzilla (or similar system)
> where tracked issues are kept as private bugs? 

...

> 
> Thoughts?

The immediate thought that springs to mind is the [lack of OpenPGP
support in bugzilla] which makes it difficult to ensure confidentiality
unless disabling all email warnings.

For an organization it is possible to ensure a level of security as they
control all email endpoints (and disable email forwarding), so
information never leaves a secured zone, but for multiple parties
involved it would need to be fixed or configured to only send e.g. "Bug
XXX has been updated, please log in to see details", which can make the
workflow inconvenient.

Notes:
[lack of OpenPGP support in bugzilla] I say lack of OpenPGP support as
the current implementation is too flawed to be used, this is elaborated
on in http://www.openwall.com/lists/oss-security/2016/02/13/8

-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3


