Going around about the purpose of the list every month or so seems a little unnecessary, in my opinion. I hope that delineating 'discussion' from 'notification' might help.
This list is for 'security discussion', not 'security notification'. Also Simple. Posting, positing, and discussing known or potential vulnerabilities here is perfectly within bounds. Attacking individuals in any online format is almost certainly bound to create a flame-war, and doesn't help the quality or signal to noise ratio of the 'discussion'. If you want *notification* to monitor the security of Gentoo, monitor Bugzilla's 'security' component. Simple. There, the answer is in the open. The GLSA's and the 'security' component in Bugzilla provide 'full coverage' and a highly configurable *notification* interface, so I don't see any need to extend yet another *notification* interface by cluttering this *discussion* list. The original post of the vulnerability that spawned this thread was likewise a good deed, and we should encourage people to post things that they think the list or the broader community should be aware of. Good Job, Keep it up. Discussing ways of closing a vulnerability is clearly 'in scope' for the purpose of this list, as the broader community may have ideas. Good Job, Keep it up. I've gotten good ideas from this list in general, and from specific inquiries I've made in the past on this list. Posting a link to the bug was also a great 'full disclosure' response. Good Job, Keep it up. Regards, - Brian -- [email protected] mailing list
