* Carl Trieloff (cctrieloff@redhat.com) wrote:
I think as long as the key members from each project are on the list, and it is oVirt project wide I think it will work. If we do a private list we can control the subscriptions to maintainers or something like that. I would be interested to know if any projects have a public security list. I don't know of any, but am going to google around a bit.
I'm not familiar with any. I haven't looked, but in all the projects I've been involved in directly or indirectly the list was private. The private list can work with distros via linux-distros@openwall.org list to privately discuss things like embargo dates and oss-security@openwall.org to openly discuss security issues (CVE request, classes of bugs, etc). thanks, -chris