[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announcement regarding the oss-security mailing list
From: |
Ludovic Courtès |
Subject: |
Re: Announcement regarding the oss-security mailing list |
Date: |
Sun, 12 Feb 2017 14:59:57 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hi Leo,
Leo Famulari <address@hidden> skribis:
> I look at the lwn.net security advisories, the Debian security-announce
> mailing list, `guix lint -c cve`, the upstream bug trackers of a handful
> of packages, and even some Twitter personalities.
For me it’s mostly oss-sec, LWN, and ‘guix lint’.
The good thing with the new MITRE policy is that the CVE database will
be more up-to-date, IIUC. Until now, they’d quickly reserve an ID for
issues reported to oss-sec, but then it would take time until the CVE
database would be updated to contain all the info (for the recent Guile
CVEs, they asked me to give them the details again after two months or
so…). As a side effect, ‘guix lint -c cve’ should become more useful.
Ludo’.