|
Message-ID: <oXx80JgYC6BjD_znKZs7JW2ithWRy0sZNy5FQelve1UwJsLmZWxJvIRVdS8HyQJee3Z59PxupDs022828NIklgHpmOyUTayvrNtaykmB_ww=@itk.swiss> Date: Mon, 09 Oct 2017 16:17:40 -0400 From: Stiepan <stie@....swiss> To: fk@...iankeil.de, oss-security@...ts.openwall.com Cc: kseifried@...hat.com Subject: Re: Linux kernel CVEs not mentioned on oss-security +1; let's use other identifiers! And why not, a blockchain (based on at least SHA3) for public security issues? That would be great. And as trustable, as transparent as it needs to be. Amen -------- Original Message -------- On 9 Oct 2017, 13:11, Fabian Keil wrote: > Kurt Seifried wrote: > >> If you see this: PLEASE SUBMIT THE URL AS AN UPDATE TO THE CVE USING THE >> CVE FORM (yes, I am shouting). >> >> https://cveform.mitre.org > > As you seem to be "shouting" a lot lately, I just like to point out > that using the MITRE(!) form requires the execution of non-free and > unsigned software from various sources. > > Some people don't consider this a problem, others do. > >> Choose "Request an update to an existing CVE entry" and then for "Type of >> update requested" choose "Update References" and then eneter the CVE #, >> the ifo and URL and hit "Submit Request" > > ... trust your browser's "sandbox" to work as advertised for a change > and ignore the fact that you're running proprietary software that may > or may not be customised just for your system and can't be easily > audited in advance. > >> TL;DR: Everyone wants the cat to wear a bell, and in past I'll admit we >> (the CVE community) didn't make it easy to contribute. Well now we have >> made it easy to contribute, so please do. > > TL;DR: Not everyone wants to allow remote code execution just to > request a CVE. Some people are sufficiently satisfied when security > issues are found and fixed in time. While CVE number are sometimes > nice to have, other identifiers work just as well (for some). > > Fabian @redhat.com>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.