From: Alex Vong
Subject: Re: FW: [oss-security] accepting new members to (linux-)distros lists
Date: Thu, 29 Jun 2017 12:48:22 +0800
Message-ID: <87efu3h015.fsf@gmail.com>
In-Reply-To: <20170628213609.GA14802@jasmine.lan> (Leo Famulari's message of "Wed, 28 Jun 2017 17:36:09 -0400")
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari writes:

[...]

> But, the "Stack Clash" issues took us by surprise and we spent a few
> days writing and testing our fixes. We are committed to supporting
> 32-bit platforms where these bugs are apparently easy to exploit.
> Without access to the exploits or detailed discussion, it was very
> difficult to know if our fixes actually worked. So, we could have
> responded more quickly and effectively with early notice.

[...]

Should we bring this discussion to nix devs as well? I am sure they are facing the same issue of not having early access to vulnerabilities. It will be insightful to know how they dealt with it in the past and their opinions on joining the list.