Announcement regarding the oss-security mailing list

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Announcement regarding the oss-security mailing list

From:	Leo Famulari
Subject:	Announcement regarding the oss-security mailing list
Date:	Sat, 11 Feb 2017 14:44:00 -0500
User-agent:	Mutt/1.7.2 (2016-11-26)

I think that several of us are subscribed to oss-security as part of our
effort to learn about upstream security issues in a timely manner.

A couple days ago, MITRE decided to stop assigning CVEs from the list:

http://seclists.org/oss-sec/2017/q1/351

So, I expect that we will see fewer bugs sent to oss-security, and Guix
developers interested in package security may need to adjust their
approach to learning about such bugs.

Let's share some tips on where to find this information.

I look at the lwn.net security advisories, the Debian security-announce
mailing list, `guix lint -c cve`, the upstream bug trackers of a handful
of packages, and even some Twitter personalities.

What about you?

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Announcement regarding the oss-security mailing list, Leo Famulari <=
- Re: Announcement regarding the oss-security mailing list, Ricardo Wurmus, 2017/02/11
  - Re: Announcement regarding the oss-security mailing list, Marius Bakke, 2017/02/14
- Re: Announcement regarding the oss-security mailing list, ng0, 2017/02/11
- Re: Announcement regarding the oss-security mailing list, Alex Vong, 2017/02/12
- Re: Announcement regarding the oss-security mailing list, Ludovic Courtès, 2017/02/12
  - Re: Announcement regarding the oss-security mailing list, Efraim Flashner, 2017/02/13

Prev by Date: Re: `guix pull` over HTTPS
Next by Date: Re: Shadow -> 4.4
Previous by thread: Add .desktop files to urxvt (fixes bug #23106)
Next by thread: Re: Announcement regarding the oss-security mailing list
Index(es):
- Date
- Thread