On Wed, Apr 10, 2013 at 1:36 PM, Peter Thoeny <[email protected]> wrote: > How about a sensible middle ground? Daily batches of MDVSA vulnerabilities? Sounds like a good idea - perhaps prepare one bulletin with affected components and provide links to the detailed article.
I imagine the folks who prepare and send the bulletins would not mind a reduction in workload (preparing/signing/sending one bulletin vs many bulletins). > On Apr 10, 2013, at 9:48 AM, Alex wrote: > >> I agree! I hate those MDVSA spam!! >> >> On Wed, 10 Apr 2013 17:36:59 +0200, Fabian Wenk <[email protected]> >> wrote: >>> >>> Hello Erik >>> >>> On 10.04.2013 17:16, Erik Falor wrote: >>>> >>>> On Wed, Apr 10, 2013 at 11:44:22AM +0100, Peter W-S wrote: >>>>> >>>>> Is it really necessary to spam the list with a separate email for every >>>>> issue you want to report? Perhaps one email a week with a link to the full >>>>> report would suffice? >>>> >>>> >>>> It is necessary. >>>> >>>> Waiting a week for a batched email to find out my software has >>>> vulnerabilities is not acceptable just because some people insist on >>>> reading email on their telephone. >>> >>> >>> If you are using Mandriva, then you could and should subscribe >>> directly to the announce or security mailing list there. >>> >>> I really prefer the step e.g. Ubuntu (and also some other Linux >>> distribution I do not remember) have taken about 2 years ago. They >>> stopped sending out their security announces to Bugtraq and >>> Full-Disclosure. I would be happy if other distributions or projects, >>> with such high volume of announces, would do the same. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
