From: Efraim Flashner
Subject: Re: Announcement regarding the oss-security mailing list
Date: Mon, 13 Feb 2017 10:37:46 +0200
Message-ID: <20170213083746.GB2475@macbook42.flashner.co.il>
References: <20170211194400.GA10091@jasmine> <87h93zwluq.fsf@gnu.org>
In-Reply-To: <87h93zwluq.fsf@gnu.org>
To: Ludovic Courtès
Cc: guix-devel@gnu.org

On Sun, Feb 12, 2017 at 02:59:57PM +0100, Ludovic Courtès wrote:
> Hi Leo,
>
> Leo Famulari wrote:
>
> > I look at the lwn.net security advisories, the Debian security-announce
> > mailing list, `guix lint -c cve`, the upstream bug trackers of a handful
> > of packages, and even some Twitter personalities.
>
> For me it’s mostly oss-sec, LWN, and ‘guix lint’.
>
> The good thing with the new MITRE policy is that the CVE database will
> be more up-to-date, IIUC.  Until now, they’d quickly reserve an ID for
> issues reported to oss-sec, but then it would take time until the CVE
> database would be updated to contain all the info (for the recent Guile
> CVEs, they asked me to give them the details again after two months or
> so…).  As a side effect, ‘guix lint -c cve’ should become more useful.
>
> Ludo’.
>

That's great, in the past I assumed that if `guix lint -c cve' found the
CVE then it had already been out for a bit.

-- 
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted