On Tue, Jul 02, 2002 at 11:12:22PM -0600, Todd C. Miller wrote:

 > I'm going to don my asbestos suit for a minute and suggest that
 > what we could really use is a *BSD security list, akin to the Linux
 > vendor-sec list.  I think it makes sense to have a place where we
 > can discuss security issues common to all the BSDs and not worry
 > about what is or is not of specific interest to ChooseYouOwnBSD.

Actually, I think this is a fabulous idea.

 > This could take one of two forms:
 > 
 >  a) A list open only to the various security officers that gets
 >     advance warning of problems, CERT advisories, etc..  This allows
 >     for coordinating fixes but requires that list members not forward
 >     things off-list.  In the past, such lists have been leaky.
 > 
 >  b) An open list.  No advanced warning of problems would be posted.
 >     The list could still be used for coordination but I don't find
 >     this terribly compelling.
 > 
 > Opinions?

I think having two lists:

	bsd-security-alert
	bsd-security-discuss

would be useful.  I could probably arrange for Wasabi to host them,
much like Wasabi currently hosts the bsd-api-announce and bsd-api-discuss
mailing lists (both of which have been useful forums for *BSD cooperation
in recent months).

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>