
Re: [Xen-devel] Security vulnerability process, and CVE-2012-0217

On 04/07/12 10:27, Ian Campbell wrote:
> On Thu, 2012-06-28 at 19:30 +0100, Alan Cox wrote:
>> > 
>>>> > > > 8. Predisclosure subscription process, and email address criteria
>> > 
>> > Email is not a trustworthy medium. The linux security list was in the
>> > past intercepted.
> I think it would be wise to add encryption (and the requirement to
> provide a key) to the pre-disclosure list. I wonder if mailman has
> per-subscriber encryption capabilities.
> If not then we should consider moving this particular list to a list
> manager which can. Apparently whatever the linux-distros list uses can
> do this (judging from
> http://oss-security.openwall.org/wiki/mailing-lists/distros)

That's correct. linux-distros (and distros) also precludes having
exploder lists in organisations. That's not generally going to be a
problem -- you're not likely to have more than a handful of people on
the list even in largish organisations.

The linux-distros and distros lists are, I believe, based around
something the list manager maintains. You'd have to ask him about how
it works.


Xen-devel mailing list


