|Main Archive Page > Month Archives > oss-security archives|
On 16.03.2012 10:26, Andreas Ericsson wrote:
> Those mails are all exemplary requests for CVE id's, ofcourse, but
> fact that they are all already fixed and released means that 100% of
> the work is already done. At that point, assigning a CVE id is mostly
> useless and is done as a "just for the record" thing.
Whether you consider it useless or not, those are the CVE assignments
that will happen on the list, aiui.
specifically says: "Public security issues only please. What you say
here is public for the world to see - keep that in mind. Embargoed
information is best disclosed to vendor-sec" (which should be updated to
point at somewhere that actually exists).