security at ovirt.org mailing list
Carl Trieloff
cctrieloff at redhat.com
Wed Nov 9 16:56:15 UTC 2011
On 11/09/2011 11:46 AM, Justin Clift wrote:
> On 10/11/2011, at 3:36 AM, Chris Wright wrote:
>> * Carl Trieloff (cctrieloff at redhat.com) wrote:
>>> I think as long as the key members from each project are on the list,
>>> and it is oVirt project wide I think it will work. If we do a private
>>> list we can control the subscriptions to maintainers or something like
>>> that. I would be interested to know if any projects have a public
>>> security list. I don't know of any, but am going to google around a bit.
>> I'm not familiar with any. I haven't looked, but in all the projects
>> I've been involved in directly or indirectly the list was private. The
>> private list can work with distros via linux-distros at openwall.org list to
>> privately discuss things like embargo dates and oss-security at openwall.org
>> to openly discuss security issues (CVE request, classes of bugs, etc).
> If it helps as an example, the aeolus-security mailing list gives a public
> GPG key on our website. So, security professionals can sign/encrypt stuff
> to us if desired. That mailing list goes to core project members only, who
> have the private key, and the archives are also restricted.
>
> Seems like an ok approach, but we haven't had to actually make use of it
> yet. ;>
>
> Regards and best wishes,
>
> Justin Clift
>
> --
> Aeolus Community Manager
> http://www.aeolusproject.org
>
>
Chris,
Do you want to start a vote to add the list. suggesting a vote given the
topic of the list and that it would be private.
Carl.
More information about the Board
mailing list