I'm going to don my asbestos suit for a minute and suggest that
what we could really use is a *BSD security list, akin to the Linux
vendor-sec list.  I think it makes sense to have a place where we
can discuss security issues common to all the BSDs and not worry
about what is or is not of specific interest to ChooseYouOwnBSD.

This could take one of two forms:

 a) A list open only to the various security officers that gets
    advance warning of problems, CERT advisories, etc..  This allows
    for coordinating fixes but requires that list members not forward
    things off-list.  In the past, such lists have been leaky.

 b) An open list.  No advanced warning of problems would be posted.
    The list could still be used for coordination but I don't find
    this terribly compelling.

Opinions?

 - todd