From mboxrd@z Thu Jan 1 00:00:00 1970 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) Subject: Re: Announcement regarding the oss-security mailing list Date: Sun, 12 Feb 2017 14:59:57 +0100 Message-ID: <87h93zwluq.fsf@gnu.org> References: <20170211194400.GA10091@jasmine> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:59372) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ccuhA-0002OR-8V for guix-devel@gnu.org; Sun, 12 Feb 2017 09:00:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ccuh6-0005RN-FH for guix-devel@gnu.org; Sun, 12 Feb 2017 09:00:04 -0500 In-Reply-To: <20170211194400.GA10091@jasmine> (Leo Famulari's message of "Sat, 11 Feb 2017 14:44:00 -0500") List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Leo Famulari Cc: guix-devel@gnu.org Hi Leo, Leo Famulari skribis: > I look at the lwn.net security advisories, the Debian security-announce > mailing list, `guix lint -c cve`, the upstream bug trackers of a handful > of packages, and even some Twitter personalities. For me it=E2=80=99s mostly oss-sec, LWN, and =E2=80=98guix lint=E2=80=99. The good thing with the new MITRE policy is that the CVE database will be more up-to-date, IIUC. Until now, they=E2=80=99d quickly reserve an ID = for issues reported to oss-sec, but then it would take time until the CVE database would be updated to contain all the info (for the recent Guile CVEs, they asked me to give them the details again after two months or so=E2=80=A6). As a side effect, =E2=80=98guix lint -c cve=E2=80=99 should = become more useful. Ludo=E2=80=99.