From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.cs.ucla.edu (mail.cs.ucla.edu [131.179.128.66]) by sourceware.org (Postfix) with ESMTPS id 4CC7E3858CDA for ; Fri, 28 Jul 2023 17:28:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4CC7E3858CDA Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=cs.ucla.edu Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=cs.ucla.edu Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id 2C1C63C011BD9 for ; Fri, 28 Jul 2023 10:28:47 -0700 (PDT) Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id wrgYj9vOOjSn for ; Fri, 28 Jul 2023 10:28:46 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id 7AFD23C011BDA for ; Fri, 28 Jul 2023 10:28:46 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu 7AFD23C011BDA DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu; s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1690565326; bh=9ayiGHY/ezKNa4lv/L0VLmE1CdhPvocrSeIuh7G55EM=; h=Message-ID:Date:MIME-Version:To:From; b=Xtel04xDksJzzfx3VWqWA3xvea52ly9RzqvwEg5BSROJHkMYnLQWfJ4XLL0JeUsZH lYIJ7Fb7K4zP/CPn9asxMAZOBJLtTuVAsuzSs+AN87O1hiX+CEth33QK1BjS1t4bZQ wNbeMF6y35nOPPCAdDrTaLhI3kFI4hJ4IEU8r3omNszDQWE3KIgDWFqMAWKSQFC24o hIQ9h5Jp19G1j4KKaFPj4J5Mx/gYw0bm6hz6eLdINt9bIcr8iapiH5U9Ab5mixS8ZC pDYozdf9aIRBT3oxOt1eECfzNobt1GiJFd/gqi/UEahATrp8S9A9O1Gy7Sv+y+70W0 MgQq+PipP+YNw== X-Virus-Scanned: amavisd-new at mail.cs.ucla.edu Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id SqhgO-m2yh0a for ; Fri, 28 Jul 2023 10:28:46 -0700 (PDT) Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com [172.91.119.151]) by mail.cs.ucla.edu (Postfix) with ESMTPSA id 59EFF3C011BD9 for ; Fri, 28 Jul 2023 10:28:46 -0700 (PDT) Message-ID: <6ad61af4-8890-809c-d168-5a6e8c750d26@cs.ucla.edu> Date: Fri, 28 Jul 2023 10:28:46 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Subject: Re: GNU C Library as its own CNA? Content-Language: en-US To: libc-alpha@sourceware.org References: <1f5a1295-36d1-ab5e-86ec-1e91acefc63f@gotplt.org> From: Paul Eggert Organization: UCLA Computer Science Department In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-3.0 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On 2023-07-28 09:41, Joseph Myers wrote: > If we add some kind of private submission > mechanism, we should also strongly discourage its use for the bulk of > low-risk issues to avoid adding unnecessary overhead for those. One possibility is to use an already-existing submission mechanism, namely the GNU Security Escalation Contact . For what it's worth, that mailing list gets little email, mostly false alarms. https://savannah.gnu.org/mail/?group=security