On Sat, 7 Jun 2014 07:04:47 +0400 Solar Designer <so...@openwall.com> wrote:
> To clarify and for the record: > > Being on the distros list is not mandatory to receive advance > notification of security issues. The list is just a tool. People > reporting security issues to the distros list are encouraged to also > "notify upstream projects/developers of the affected software, other > affected distro vendors, and/or affected Open Source projects". You and others may want to know that – since yesterday – the OpenSSL wiki says otherwise. Quoting: "If you would like advanced notice of vulnerabilities before they are released to the general public, then please join [http://oss-security.openwall.org/wiki/mailing-lists/distros Operating system distribution security contact lists] at OpenWall's OSS Security" http://wiki.openssl.org/index.php?title=Security_Advisories&diff=1700&oldid=1697
