Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230914151403.GA15124@openwall.com>
Date: Thu, 14 Sep 2023 17:14:03 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: illumos (or at least danmcd) membership in the distros list

On Thu, Sep 14, 2023 at 10:42:19AM -0400, Demi Marie Obenour wrote:
> On Wed, Sep 13, 2023 at 08:21:22PM +0000, Dan McDonald wrote:
> > For now, I would like to add myself:  danmcd@....io.
> 
> Would security@...umos.org be a better choice?

No.  One of the differences of (linux-)distros from its predecessor
vendor-sec is that we don't subscribe any exploder addresses - we only
subscribe individuals.  Some distro security teams can be rather large,
with not everyone in there needing direct (linux-)distros subscription.
Also, by far not every issue is relevant to every distro.  So the
distro's individual representatives on (linux-)distros are supposed to
share only relevant information with others on their teams.

That said, the membership is for the distro, not for the individuals.
The Subject line here is confused about that.  The difference is in what
uses of information are allowed (only for the distro's security) and in
conditions for staying subscribed (only while requested by the distro's
leadership and only as needed for the distro's security).

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.