Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261558AbVALXNE (ORCPT ); Wed, 12 Jan 2005 18:13:04 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261229AbVALXLx (ORCPT ); Wed, 12 Jan 2005 18:11:53 -0500 Received: from fw.osdl.org ([65.172.181.6]:38307 "EHLO mail.osdl.org") by vger.kernel.org with ESMTP id S261555AbVALXKj (ORCPT ); Wed, 12 Jan 2005 18:10:39 -0500 Date: Wed, 12 Jan 2005 15:10:38 -0800 From: Chris Wright To: Florian Weimer Cc: Greg KH , linux-kernel@vger.kernel.org Subject: Re: thoughts on kernel security issues Message-ID: <20050112151038.W469@build.pdx.osdl.net> References: <20050112094807.K24171@build.pdx.osdl.net> <20050112185133.GA10687@kroah.com> <20050112191814.GA11042@kroah.com> <87sm56e8po.fsf@deneb.enyo.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <87sm56e8po.fsf@deneb.enyo.de>; from fw@deneb.enyo.de on Wed, Jan 12, 2005 at 08:41:23PM +0100 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1451 Lines: 39 * Florian Weimer (fw@deneb.enyo.de) wrote: > * Greg KH: > > >> In other words, if you allow embargoes and vendor politics, what would the > >> new list buy that isn't already in vendor-sec. > > > > vendor-sec handles a lot of other stuff that is not kernel related > > (every package that is in a distro.) This would only be for the kernel. > > I don't know that much about vendor-sec, but wouldn't the kernel list > contain roughly the same set of people? No. > vendor-sec also has people > from the *BSDs, I believe, but they should probably notified of Linux > issues as well (often, similar mistakes are made in different > implementations). Take a look at . Pretty good description. It's normal for projects to have their own security contact to handle security issues. Once it's vetted, understood, etc...it's normal to give vendors some heads-up. > If the readership is the same, it doesn't make sense to run two lists, > especially because it's not a normal list and you have to be capable > to deal with the vetting. It's not the same readership. thanks, -chris -- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/