[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announcement regarding the oss-security mailing list
|
From: |
Efraim Flashner |
|
Subject: |
Re: Announcement regarding the oss-security mailing list |
|
Date: |
Mon, 13 Feb 2017 10:37:46 +0200 |
|
User-agent: |
Mutt/1.7.2 (2016-11-26) |
On Sun, Feb 12, 2017 at 02:59:57PM +0100, Ludovic Courtès wrote:
> Hi Leo,
>
> Leo Famulari <address@hidden> skribis:
>
> > I look at the lwn.net security advisories, the Debian security-announce
> > mailing list, `guix lint -c cve`, the upstream bug trackers of a handful
> > of packages, and even some Twitter personalities.
>
> For me it’s mostly oss-sec, LWN, and ‘guix lint’.
>
> The good thing with the new MITRE policy is that the CVE database will
> be more up-to-date, IIUC. Until now, they’d quickly reserve an ID for
> issues reported to oss-sec, but then it would take time until the CVE
> database would be updated to contain all the info (for the recent Guile
> CVEs, they asked me to give them the details again after two months or
> so…). As a side effect, ‘guix lint -c cve’ should become more useful.
>
> Ludo’.
>
That's great, in the past I assumed that if `guix lint -c cve' found the
CVE then it had already been out for a bit.
--
Efraim Flashner <address@hidden> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature