Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20080414160119.GH55862@linsec.ca>
Date: Mon, 14 Apr 2008 10:01:19 -0600
From: Vincent Danen <vdanen@...sec.ca>
To: xvendor@...ts.openwall.com
Subject: Re: "going public"

* [2008-04-14 19:48:26 +0400] Solar Designer wrote:

Cherry picking some responses here.

[...]
>Let me use this opportunity to ask - does anyone (of the current list
>members) have any objections regarding me publicly mentioning their
>project or company (as derived from the domain name) as being
>"potentially represented" on this mailing list?  If so, please let me
>know (private e-mail works fine).
>
>Also, anyone (who's currently on the list) can feel free to let me know
>the specific project and company name(s) that they represent, along with
>authorization to mention those next time this is brought up on the list.

I have no problem noting that Mandriva is represented on this list.

[...]
>> 4. If the purpose is clear it needs some announcement (to the dedicated 
>>    folks) so that folks know about it and it soon drives itself.
>
>I agree.  Do you (or anyone) have suggestions on where to announce this
>list such that we attract the right folks?  Indeed, I do have some
>thoughts of my own, but I am sure that other list members can contribute
>theirs as well.

I think that a mention on the oss-security wiki may not be bad, in an
"extra links" section or something.  The people on the list could also
forward details internally.  For instance, I may be on here representing
Mandriva but I largely deal with security-related stuff, so it would
probably be in both the list's and Mandriva's interest to have one or
two of the actual developers on board.

>> 5. We should avoid a vendor-sec clone, otherwise the competition will
>>    destroy both lists.
>
>To me, xvendor is not even similar to vendor-sec in terms of appropriate
>topics - I see no intersection.  Indeed, many folks will be on both
>lists, as well as on oss-security, but that's just right.  It's the
>topics that will differ.

No, it sounds like there are a lot of lists now (vendor-sec,
oss-security, xvendor), but I don't think any of them are "clones" of
each other or in any way compete.

-- 
Vincent Danen @ http://linsec.ca/

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the xvendor mailing list charter.