[Asterisk-Security] asterisk-security-announce@ ?
steve szmidt
steve at szmidt.org
Wed Mar 14 18:20:33 MST 2007
On Wednesday 14 March 2007 15:19, leander wrote:
> On 3/14/07, steve szmidt <steve at szmidt.org> wrote:
> > With the low volume here why not just send it to this list?
>
> It would be difficult to use for any type of monitoring, e.g. when you
> get an email will it be a discussion with the word vulnerability in
> the body, or a report an actual vulnerability was found?
>
> I think it would be good to have a separate list for disclosure only,
> and keep this for discussion as the description says.
>
> Thanks for your consideration.
Hmm, I really don't see the problem to discern the two. We got a whopping 157
messages in over two years, so you are not bogged down at all.
You are probably going to use a standard way to report them and it does not at
all violate the spirit of the purpose of this list. I'd preface it with
VULNERABILITY: in the subject line and simple filter does the rest.
On the other hand you don't need anyones approval to ask for a list. Or simply
creating one. Though it would obviously be nice to have it be part of digiums
official lists.
I'm for using this list as there are already too many lists to keep, and it
would in my views be nice get it at the one spot where security is discussed.
--
Steve Szmidt
"They that would give up essential liberty for temporary safety
deserve neither liberty nor safety."
Benjamin Franklin
More information about the Asterisk-Security
mailing list