Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #15751
| Path | csiph.com!2.eu.feeder.erje.net!feeder.erje.net!feeds.news.ox.ac.uk!news.ox.ac.uk!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Michael McNally <mcnally@isc.org> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Experimenting with a new practice for pre-announcing vulnerability disclosures |
| Date | Thu, 14 May 2020 00:35:43 -0800 |
| Lines | 28 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.402.1589445328.942.bind-users@lists.isc.org> (permalink) |
| References | <6978e6dd-6187-2c1f-d51a-5c617612e03c@isc.org> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | quoted-printable |
| X-Trace | usenet.stanford.edu 1589445345 23816 149.20.1.60 (14 May 2020 08:35:45 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bind-users@lists.isc.org |
| Return-Path | <mcnally@isc.org> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| Autocrypt | addr=mcnally@isc.org; keydata= mQENBE4I0bcBCACzmGY5YZuAL8eArSrHAIn2Y6Io7ZddCw5AKYLzCA+Ydcy4DEmBuQGVB8HY ZW8WQxkh9AYiCevuLtT9TOswtIrWquuTNkgG/ZfnD15feH4XDAK+l6FwqHP0MNBQHgxIFYNz Kheg3Y+X89e8DdEzkTGWKy9wEGH2/9p620ZD+7fT4Nh5m7MKEvP3glJdLMm/pU6X3LucJqnC ZdCkTnzZwhgPnUg8zw8ZhFruWcyCPA/+OJWZtAVJNKWyWIOselm3bG/mqSV9Py2ku3JlelBQ 9tGbzeW+li8gidp7lZdNvR3L/HvEwkxMw1/FdouXfvBNqKo84HlSQ5dR4NvGXPlMuMqTABEB AAG0IU1pY2hhZWwgTWNOYWxseSA8bWNuYWxseUBpc2Mub3JnPokBOAQTAQIAIgUCTgjRtwIb LwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQlumWUDlMmawMMAf/YWPFtyqpgUtrPlkT tA/j9DxI/0iD9zU5Xw7JwsO4A9Y3N1Es4+MGLkJdEcO/zq9fELmp+WFtR3GJ0xmg3Wd2vMRl Qz8nJnZpue0kK7CuSk3HaIuiTBqpp2SO/02fwQNfaIZb6TNzjGSYPdFx7Ws+Wo6acV6cvrtG jLBbcW/kRwwUB+Jx+E/swPNljBMGv3CSnLMxdqfOhrSAuZZZtylZcT33cTI+pCy3a4HPweXL C8p2vxI9lpU7ceDt6xJsv4dOC27jl5ZbC9CrhfkNl6UA7mZLtODy6t53VteOoUYPugUrOLr7 MmCnOCQ87Djr0xLCON956d1lin2XwhAfQLmhtbkBDQROCNG3AQgAx2Yb/WoYxmtBoTp77U1L QbcGIJFIVDG59wWgR4pFhVQO/4bhR64VV05w6m4OpmkFBGxcjAy3mKy7b2J4OEyrwGImzX+C 9iXpuXBckW03Afp+F7N7gYjPzEENMeS/6bGU4OofUl2KbJZ0y5g0EDPN+ScTDisLqn1UWE3e dKW5Ua3i6LBVS0FrbjZmv1rrn4lX2bsbVGnO376akxYmmujPxJauiP3pVc6UZ4zKH/pt/kUs mh+y3aSmRSQCVNVh3PXWIoGyCowUEQPeufbtm6YG1DkI9foHlEsUEo+vS1XPSNovmahVU+4B ZmlLdk3PDLuvkJa2dvRCpdicdEKbOUYDsQARAQABiQI+BBgBAgAJBQJOCNG3AhsuASkJEJbp llA5TJmswF0gBBkBAgAGBQJOCNG3AAoJEDsbHdIEoEIy3WoH/RyMNtHL5jrCHMXY85YtaPH4 DtA9bzuIRStPaoxxPtn7ar85pI/qvQ6gsPHfG3XifFoB1nhFC4b575+KMvFe+0HTdv8GoVNd y6y/tM8xV2zDas6f47uwq62EQE+VuOMx/0FqKHf1QiVv7qeIUxrouftho//iYSAYoiom44NB 8eNzzN3FUDYeEDZ/5it31TUFCAiYZV8qlB16fLetZ/w2Q5WM1GT8L5NRHHO89RTExNmn+7su S2aUJa/VcXbzZclyuvMv3jI/oYT1FL4ahYvV0P+QJn3vV5HjgptLoV0G5Q+JdtfsrmkI8Azz u3z1TeZ2Ud7bS5tDmEE5dwt/urRIYCKaeQgAoE0jUs6y5yXbITifkMAIApw/Su7Ez+vfS/al +58SmuR36zgpxBYRd0v3jXBqtofH/hwPkognm5suSUCjnBRxGS4mAx739eB1M+vQKWXvnKo/ 3LU51Sybvz8VTMDuF50Vg7XhSQ0CBR652zn7A60owGgYQ0vy42veK4zyimg1WT034HNloxvq 886NBz0PpBbiaMMZquoOKbEt6w3iilFEbwDo6BeBit6zrox04tuKKHnCVnH0xJ2LPN34H+z0 2RZJUh91/QiwAeuc3Z+Dvk/FYgSzcCTZuMP7irBtH+mNEfsnDW48jCIfqzIlnh6lTPLqMdAW ORJz9bl+BiRdRg2YZg== |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 |
| Content-Language | en-US |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.29 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users/> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <6978e6dd-6187-2c1f-d51a-5c617612e03c@isc.org> |
| Xref | csiph.com comp.protocols.dns.bind:15751 |
Show key headers only | View raw
Hey BIND-users, I hope that most of you are already subscribed to the bind-announce list. But for those who are not, bind-announce is another public list operated by Internet Systems Consortium. It is a low-traffic list which ISC staff use to make announcements concerning the BIND project -- most frequently about the release of new versions of BIND or occasionally when we disclose a serious security vulnerability. You can subscribe by going to: https://lists.isc.org The reason I bring it up is that ISC is experimenting with a new practice to extend our Security Vulnerability Disclosure Process. After observing this practice being used successfully by other open-source projects, we have modified our disclosure policy to allow us to (optionally) make a limited pre-announcement giving a "heads up" a few days before a public disclosure occurs. Such pre-announcements, should they occur, will be posted to the bind-announce list and you can see the first example of one in the list archives even if you are not a subscriber: https://lists.isc.org/pipermail/bind-announce/2020-May/001153.html Michael McNally ISC Support
Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread
Experimenting with a new practice for pre-announcing vulnerability disclosures Michael McNally <mcnally@isc.org> - 2020-05-14 00:35 -0800
csiph-web