Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20230415123118.GA10525@openwall.com>
Date: Sat, 15 Apr 2023 14:31:18 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: ncurses fixes upstream

On Sat, Apr 15, 2023 at 09:33:24AM +0300, Georgi Guninski wrote:
> Isn't MicroSoft member of linux distros mailing list [0], which
> purpose is exactly quietly trading 0days [1]?
> 
> Does the OP with m$ email address realize this?
> 
> [0] https://oss-security.openwall.org/wiki/mailing-lists/distros
> [1] https://seclists.org/oss-sec/2019/q3/19
> Re: linux-distros membership application - Microsoft

The (linux-)distros lists are meant for handling of embargoed issues
prior to their public disclosure and in cases where such private
handling is expected to help.  In this case, the issue was already
semi-public (via the fixes and the NEWS file) and I wouldn't expect
private handling to help more than public does.  Every distro present on
(linux-)distros is supposed to also be present on oss-security.  So in
my opinion Jonathan did the right thing of posting this to oss-security
right away.

Also, in general, choosing whether to post to linux-distros, to distros,
or to oss-security shouldn't be related to whether one is a member of
(linux-)distros or not.  Anyone can report an issue to any of these
lists as appropriate for the given issue and its current status.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.