Differences

This shows you the differences between two versions of the page.

Link to this comparison view

mailing-lists:vendor-sec [2011/11/17 17:32]
solar documented the new anti-spam check for the linux-distros list
mailing-lists:vendor-sec [2011/11/17 18:18] (current)
solar removed the linux-distros list info (now on its own page)
Line 22: Line 22:
  
 The mailing list was unmoderated,​ but requests for membership were manually vetted to ensure that only the target audience could join.  This was done to avoid leaking the potentially sensitive discussions. The mailing list was unmoderated,​ but requests for membership were manually vetted to ensure that only the target audience could join.  This was done to avoid leaking the potentially sensitive discussions.
- 
-====== Linux distribution security contacts list ====== 
- 
-As an experiment, a new mailing list was setup with membership limited to Linux distribution security contacts. ​ Moreover, the initial seed membership was also limited to those Linux vendors who were on vendor-sec. ​ New subscription requests are discussed in public on [[oss-security]]. 
- 
-Currently on the new list are: 
- 
-  * ALT Linux 
-  * CentOS 
-  * Debian 
-  * Frugalware 
-  * Gentoo 
-  * Mandriva 
-  * MontaVista Software 
-  * Openwall 
-  * Oracle 
-  * Pardus 
-  * Red Hat 
-  * SUSE 
-  * Slackware 
-  * Ubuntu 
-  * Wind River 
-  * rPath 
- 
-To report a medium severity ((Medium overall severity as estimated by risk probability and risk impact product. It is recommended that low severity security issues be reported to the public oss-security list right away, whereas high severity ones be reported to the affected vendors directly.)) security issue to the list, send e-mail to <​linux-distros@vs.openwall.org>,​ preferably PGP-encrypted to the key below. ​ If you choose not to PGP-encrypt your mail, then you must include ''​[vs]''​ (four characters) in the Subject line, or your message will be rejected by the mail server (for anti-spam reasons). 
- 
-Please note that **the maximum acceptable embargo period for issues disclosed to the list is 14 days**; please do not ask for a longer embargo. ​ If the security issue you're reporting affects non-Linux systems as well, please consider notifying other affected [[:​vendors|vendors]] as well and mention what you're doing on this or what you'd like done in your notification to the list. 
- 
-If you do not hear back within 48 hours, please send another message to inquire whether your initial message has in fact been received. 
- 
-<​file>​ 
------BEGIN PGP PUBLIC KEY BLOCK----- 
-Version: GnuPG v1.4.10 (GNU/Linux) 
- 
-mQENBE2YijgBCADJ7gsXv583bcxm7D4gGCjqUuNv+qLj6fgB+/​QNFOM0z3OB2YNj 
-3oaBRSR5DKhDRvHmNRbXTvNO7OjzPojMmkDlq2UgcmGHIrYraw9q/​e1Hpom4dF+O 
-1dIMwyOZ1WARtlR5znd3hwkGrGiFnkLqDJDLKXUn/​rSbRTFhay1zv1dAknR4/​+zJ 
-74YBhZo95zVYA7piF0VmDvXDK+9R3bQM0SgoThyfdiQQMpoFd48y0jFtcbrQlVgU 
-7M5l/​6JKTqANqxG3Qeilavqg9jG1AQyrGJCoCI6ItgDk1AyHB8hLHN6QVQl9XPpC 
-Uo5oXYpzPcMpdKzhnMD6/​AzF+z6UEHmcmArtABEBAAG0PkxpbnV4IGRpc3RybyBz 
-ZWN1cml0eSBjb250YWN0cyA8bGludXgtZGlzdHJvc0B2cy5vcGVud2FsbC5vcmc+ 
-iQE4BBMBAgAiBQJNmIo4AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDW 
-zkyuR+r385KNB/​0RyvjAjy6Zz2+UDq4JzR8aAt0DAScycD/​1jWMBzwncBrkoXG0v 
-yJ+m5AFtXcHRKGYgfZ8Aothpe5vi/​fnQnuAzz2RyGDw15/​7wyXWsA3rbWELCxx13 
-iLfFrFAXboM7FlGCCdALosEaJBM2gAuCNouxraFWXVOKXUPyJ1Kpry9AIffQJWD3 
-2Zzn2xsPbd02Fa6nLUWf+g3608RzqUv0TZmaFu4cFjGZkrx+RejUaSchPaf9Mqal 
-PlIQSMBsYgZlKYVcIXGXlSA3iXhFzcLgzlwcL6MMtK+iK7UJBXMCmw1GjrTsUcY0 
-qeJFZzJ43wf/​AoamAHKmOQIqxxIfebJX/​98riEYEEBECAAYFAk2YuO4ACgkQovwC 
-fFs0HxW8yQCfTFiGhEsDJyPRAXmBXMWEDxYq4gwAoICEzh0+CHUWazrIcHh4D7wl 
-zYwluQENBE2YijgBCACkA8GQr4IYbrPU5qDsTLvlL3YU8Bekg1HlhKOC+gr8/​PqI 
-09fQMaWBM9n79/​ss4ZaS3IAX/​S0HZtfpmfNc36FMTlpJRnbY1tF3NqjeIHJUGaf+ 
-0jXTInRdOxq0U0jHqW/​GLr6rNjxLFhhtFI7Y622vPf03cvZYd/​pBjyYlZCHAxeRC 
-0OqfXLUiNLr2L0LptUO8RsWUhZJtEW65fjn0heka/​eh/​P+IINQrA5ranVohv6tST 
-ucL8blHr91AfiNw9oI0VYI8jvkVQx+cjgJeTYlOegqzZ3Vq+une21nkLd9nbuauJ 
-Q7lodfhzH6yUrTQjwUpxi/​udXNFFIJFuM6IAAGkfABEBAAGJAR8EGAECAAkFAk2Y 
-ijgCGwwACgkQ1s5Mrkfq9/​O7fgf/​WYnIqcEQivO9SB90O1jplJP55HZoIUwf4Rrp 
-Y9Nbz3nG2qXo1b68kw/​O/​zggU90K3oJ+yzsyETLAOH5+nrOPBxjrGIYbVsEMt+Vf 
-W+7WahYvh30IJWLMy3Xv3v7uzHzP5T81FnwJyja85Y56rLyaYhk9E3KYcJ1phaYW 
-oFDQuioFUFDi6TV5WK13B5d/​InTy/​4uQDzOWPE0Ev8RTZex7hDx+SxwASszQnghn 
-ovWWEa96Gh5fpdoyWpBE9Na/​9Hz2y8RO+Okctct4xdZZFYcEg4wpnFigCBFIq+jx 
-K4LI8Y1o8SiVLMztF+knDaZxohs+7BWYGzsWvsYOGqTMkBM5IQ== 
-=tqdz 
------END PGP PUBLIC KEY BLOCK----- 
-</​file>​ 
mailing-lists/vendor-sec.txt ยท Last modified: 2011/11/17 18:18 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux