[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Announcement regarding the oss-security mailing list
|
From: |
Alex Vong |
|
Subject: |
Re: Announcement regarding the oss-security mailing list |
|
Date: |
Sun, 12 Feb 2017 14:44:17 +0800 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Leo Famulari <address@hidden> writes:
> I think that several of us are subscribed to oss-security as part of our
> effort to learn about upstream security issues in a timely manner.
>
> A couple days ago, MITRE decided to stop assigning CVEs from the list:
>
> http://seclists.org/oss-sec/2017/q1/351
>
> So, I expect that we will see fewer bugs sent to oss-security, and Guix
> developers interested in package security may need to adjust their
> approach to learning about such bugs.
>
> Let's share some tips on where to find this information.
>
> I look at the lwn.net security advisories, the Debian security-announce
> mailing list, `guix lint -c cve`, the upstream bug trackers of a handful
> of packages, and even some Twitter personalities.
>
> What about you?
I subscribed to Debian and Gentoo security announcement list. I try to
keep the subscription list short, since I already get a lot of emails,
and I only read them only in the weekend.
signature.asc
Description: PGP signature