We are not on a linux distros mailing list, because we are not a linux distribution. And this private mailing list is not really an acknowledged conduit for vulnerability release.
I was asked by someone privately if *I* would be on that mailing list on June 2nd. I said I would consider it, but as I felt the list was not being used for advanced disclosure in a practical means, I didn't see the reason for it. - but I would be open to it if it was being used for advanced disclosure.. my words on june 2 ended with: >In a nutshell, I suppose I'm asking you - does this help if the list only gets >notification at the same time, basically, as public release? > >Or are there some "rules" for participants? The reply I got said they couldn't give any details because there were not any - so obviously as of June 2, someone who was on and maintained that list did not feel that there was any need to be on the list for advance disclosure of bugs. For the record, we didn't get advance notice of Heartbleed either, so this is nothing new. On Thu, Jun 5, 2014 at 2:43 PM, Martin, Matthew <phy1...@utdallas.edu> wrote: >> That's exactly my though. Specially, because FreeBSD and NetBSD were >> warned, but not OpenBSD. If this was only a rant or any childish >> behavior from them, it's something stupid and, of course, not the right >> thing to do. But hey, we're all human. My real concern is if this >> something else, a hidden agenda, in that this "stupid disclosure" was >> indeed, carefully planed. One can never have too many conspiracy >> theories. Specially after what has been happening the last year. Thanks >> for the clarification. > > Mark Cox claims that the reason OpenBSD was not told is because OpenBSD > is not on the distros mailing list and if we were then "they'd be able > to work with other distros on issues in advance." > > It's at http://oss-security.openwall.org/wiki/mailing-lists/distros . > > Not saying I believe or disbelieve him, but it can't hurt to join even > if it is only until 5.6 comes out. > > - Matthew Martin
