oss-security Mailing List Charter

Group Purpose

The purpose of the Open Source Security (oss-security) group is to encourage public discussion of security flaws, concepts, and practices in the Open Source community. The members of this group include, but are not limited to Open Source projects, distributors, researchers, and developers.

List Membership and Moderation

Membership to this group is not formally restricted, but is targeted at Open Source Projects, Distributors, Researchers, and Developers.

Anyone can send mail to the mailing list at oss [dash] security [at] lists [dot] openwall [dot] com, regardless of membership status. Non-members, and new members will have their messages to the mailing list moderated to ensure that the discussions remain on topic and stay positive. Once a person has shown themselves to be a responsible community member, their messages to the list will no longer be moderated.

Anyone is welcome to subscribe to the mailing list by sending an empty message to oss [dash] security [dash] subscribe [at] lists [dot] openwall [dot] com or entering the e-mail address on the subscription page. You will be required to confirm your subscription by “replying” to the automated confirmation request that will be sent to you. You will be able to unsubscribe at any time and we will not use your e-mail address for any other purposes or share it with a third party. However, if you post to the list, other subscribers and those viewing the archives may see your address(es) as specified on your message.

Please note that registration on this wiki is distinct from mailing list subscription; you're not automatically subscribed when you register on the wiki.

A read-only archive of the discussions contained on the list is available to the general public locally, as well as via Gmane, MARC, and SecLists.Org (RSS feed). Additionally, you may follow oss_security on Twitter.

List Content Guidelines

  • English please
  • Plain text mail required (no HTML-only messages)
  • This is a security list. Some off-topic discussion is acceptable, but often it just turns into a long messy thread where nobody gets along. Try to stick to the topic of security
  • Public security issues only please. What you say here is public for the world to see - keep that in mind. Some kinds of embargoed information (intended for public disclosure in at most 2 weeks) may be disclosed to distros.
  • Please don't send fully working exploits (but testcases that exercise the flaw are welcome)
  • Security advisories aimed at end-users only are not welcome (e.g., those from a distribution vendor announcing new pre-built packages). There has to be desirable information for others in the Open Source community (e.g., an upstream maintainer may announce a new version of their software with security fixes to be picked up by distributors).
  • Please keep discussions relevant to Open Source software. This is not a list to discuss the behavior or problems with closed source software or companies.
  • Please don't post conference CFPs and (e-)magazine calls for articles. (These are generally cross-posted to lots of places, and oss-security list members have expressed that they do not want to see them here.)

Contact Information

If you experience any problems with mailing list subscription or setup, or have suggestions on improving it, please contact us at listadmin [at] oss [dash] security [dot] openwall [dot] org.

mailing-lists/oss-security.txt · Last modified: 2014/02/18 02:49 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux Bookmark and Share