From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.cs.ucla.edu (mail.cs.ucla.edu [131.179.128.66]) by sourceware.org (Postfix) with ESMTPS id 7FEFA3858C3A for ; Wed, 6 Sep 2023 17:04:04 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7FEFA3858C3A Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=cs.ucla.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id F37533C011BD4; Wed, 6 Sep 2023 10:04:03 -0700 (PDT) Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 8S4_LBKCnxRI; Wed, 6 Sep 2023 10:04:03 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id AD1AF3C011BD7; Wed, 6 Sep 2023 10:04:03 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu AD1AF3C011BD7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu; s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1694019843; bh=qQxi8nFnTAPtecet4HBpN0216j/Co+BTQf9Ln6NXzpU=; h=Message-ID:Date:MIME-Version:To:From; b=FK0PMB8xqMJyr0SyG16hsVPQxAtEhEPEIpJvKsCcP6PccxzdWbkd6Q9pRN39Es3U+ 6HkWLSaHnLRmRbo/FQPn4aIVzK2wnsyZndGhNM3/ahfxWyOr+bytepRivV4/Xn7aW+ jTjKjiA7rNhGzC0JoMCGus/23+urAKkDc8EgjaIlUmgEUL/OVAWMZmqrKeNDruO8db xxmuQotMH4w/1Dew5auSGACUkX/Ky3HBrNM91DqikTR+V44v+p/Tf86+2xWJgUison OOaBSt/PJQGPpkuNK3/kp2U07uFza1ncmNkzbLCFbYh47Bv4bF+w+9i6elGVpLT9Fe 5GSLs0KQRFthQ== X-Virus-Scanned: amavisd-new at mail.cs.ucla.edu Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id rKHyRturQUz8; Wed, 6 Sep 2023 10:04:03 -0700 (PDT) Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com [172.91.119.151]) by mail.cs.ucla.edu (Postfix) with ESMTPSA id 8D1EA3C011BD4; Wed, 6 Sep 2023 10:04:03 -0700 (PDT) Message-ID: <405a093a-a064-01e8-024f-f2f9d02f6b55@cs.ucla.edu> Date: Wed, 6 Sep 2023 10:04:03 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.15.0 Subject: Re: GNU C Library as its own CNA? Content-Language: en-US To: Florian Weimer Cc: libc-alpha@sourceware.org References: <1f5a1295-36d1-ab5e-86ec-1e91acefc63f@gotplt.org> <6ad61af4-8890-809c-d168-5a6e8c750d26@cs.ucla.edu> <8734zrzdjz.fsf@oldenburg3.str.redhat.com> <63d0c6d3-4e7c-6e04-b9a5-fe28b39d16bc@cs.ucla.edu> <87ledjxnwj.fsf@oldenburg3.str.redhat.com> From: Paul Eggert Organization: UCLA Computer Science Department In-Reply-To: <87ledjxnwj.fsf@oldenburg3.str.redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-09-06 09:33, Florian Weimer wrote: > But the people behind would need some way to contact > glibc developers in private. At that point, we can just that means of > contact to the general public, no? That depends on what our goals are. If we want a simple face to the outside world there should be just one security contact for the GNU project; this is how most software developer organizations work. If we want to simplify our internal operations, and avoid delays in routing reports internally from one set of developers to another, we should have a separate security contact for each package. It's easier for us to do the latter, obviously.