How about a sensible middle ground? Daily batches of MDVSA
vulnerabilities?
On Apr 10, 2013, at 9:48 AM, Alex wrote:
I agree! I hate those MDVSA spam!!
On Wed, 10 Apr 2013 17:36:59 +0200, Fabian Wenk <[email protected]>
wrote:
Hello Erik
On 10.04.2013 17:16, Erik Falor wrote:
On Wed, Apr 10, 2013 at 11:44:22AM +0100, Peter W-S wrote:
Is it really necessary to spam the list with a separate email for
every issue you want to report? Perhaps one email a week with a
link to the full report would suffice?
It is necessary.
Waiting a week for a batched email to find out my software has
vulnerabilities is not acceptable just because some people insist on
reading email on their telephone.
If you are using Mandriva, then you could and should subscribe
directly to the announce or security mailing list there.
I really prefer the step e.g. Ubuntu (and also some other Linux
distribution I do not remember) have taken about 2 years ago. They
stopped sending out their security announces to Bugtraq and
Full-Disclosure. I would be happy if other distributions or projects,
with such high volume of announces, would do the same.
bye
Fabian
--
* Peter Thoeny - peter09[at]thoeny.org
* http://TWiki.org - is your team already TWiki enabled?
* Knowledge cannot be managed, it can be discovered and shared
* This e-mail is: (_) private (_) ask first (x) public
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
