From owner-freebsd-audit  Sat Dec  4 23:12:40 1999
Delivered-To: freebsd-audit@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id 479AA15177; Sat,  4 Dec 1999 23:12:39 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id 3BFA51CD742
	for <audit@freebsd.org>; Sat,  4 Dec 1999 23:12:39 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Sat, 4 Dec 1999 23:12:39 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: audit@freebsd.org
Subject: Closed list policy?
Message-ID: <Pine.BSF.4.21.9912042309240.34489-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I was wondering whether it would be smarter to have a closed list policy
here, to prevent just anyone (read: evil people) from subscribing and
getting early notification about vulnerabilities before they're patched
(which may take several days). Obviously we still should have a full
disclosure policy, but it gives ourselves time to fix bugs properly.

Thoughts?

Kris





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message