Re: thoughts on kernel security issues

From: Chris Wright
Date: Wed Jan 12 2005 - 18:22:02 EST


* Florian Weimer (fw@xxxxxxxxxxxxx) wrote:
> * Greg KH:
>
> >> In other words, if you allow embargoes and vendor politics, what would the
> >> new list buy that isn't already in vendor-sec.
> >
> > vendor-sec handles a lot of other stuff that is not kernel related
> > (every package that is in a distro.) This would only be for the kernel.
>
> I don't know that much about vendor-sec, but wouldn't the kernel list
> contain roughly the same set of people?

No.

> vendor-sec also has people
> from the *BSDs, I believe, but they should probably be notified of Linux
> issues as well (often, similar mistakes are made in different
> implementations).

Take a look at <http://www.freebsd.org/security/index.html>. Pretty
good description. It's normal for projects to have their own security
contact to handle security issues. Once it's vetted, understood,
etc... it's normal to give vendors some heads-up.

> If the readership is the same, it doesn't make sense to run two lists,
> especially because it's not a normal list and you have to be capable
> to deal with the vetting.

It's not the same readership.

thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net