5885717 2000-12-21 19:17 -0500  /99 rader/ Matt Power <mhpower@BOS.BINDVIEW.COM>
Sänt av: joel@lysator.liu.se
Importerad: 2000-12-22  11:16  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: mhpower@BOS.BINDVIEW.COM
Mottagare: Bugtraq (import) <14473>
Kommentar till text 5881913 av Jose Nazario <jose@BIOCSERVER.BIOC.CWRU.EDU>
Ärende: listing of vendor's security-announcement lists
------------------------------------------------------------
From: Matt Power <mhpower@BOS.BINDVIEW.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <200012220017.TAA03492@theta.bos.bindview.com>

In http://www.securityfocus.com/archive/1/152248, Jose Nazario
<jose@biocserver.bioc.cwru.edu> wrote:

>                                           ... you should be on every
>security list your vendor puts out. nearly every vendor has one. some are
>just busier than others.

Here are some references to many of these mailing lists (and a few
references to the security web pages of vendors that don't have a
mailing list specifically for security announcements). For the
operating systems provided by BSDI, Caldera, Cobalt, Compaq,
Conectiva, Corel, Debian, FreeBSD, IBM, MandrakeSoft, Microsoft,
NetBSD, Novell, OpenBSD, Red Hat, SCO, SGI, Slackware, Sony, Sun
Microsystems, SuSE, Trustix, TurboLinux, and WireX, there's
information in http://razor.bindview.com/publish/papers/os-patch.html
(toward the end, in the section "Discussion of Individual Vendors").

Hewlett-Packard also has a security-announcement list but the signup
procedure involves a few separate steps. One posting that explains the
procedure is http://www.securityfocus.com/archive/1/151712

A few more operating systems that have security-announcement lists:

Stampede GNU/Linux
stampede-linux-security; see http://www.stampede.org/mailinglists.php3

Yellow Dog Linux and Black Lab Linux
yellowdog-updates list; see http://lists.yellowdoglinux.com/


Other operating systems where security announcements are on the web:

ESWARE Linux
http://www.esware.com/actualizaciones.html

Kondara MNU/Linux
http://www.kondara.org/errata/index.html.en

LinuxPPC
http://www.linuxppc.com/support/updates/security/

NCR UNIX and MP-RAS UNIX
http://www.ncr.com/support/support_drivers_patches.asp?Class=sys3000

UXP/V
http://www.fujitsu.co.jp/hypertext/Products/Info_process/hpc/topics/cert/top/index-e.html


Other operating systems for which the vendor operates some mailing
lists but apparently not one limited only to security announcements:

Darwin
http://lists.apple.com/mailman/listinfo/darwinos-users

ESWARE Linux
http://www.esware.com/lista_correo.html

Kondara MNU/Linux
http://www.kondara.org/mailinglist.html.en (also, there are Kondara
security announcements posted to SecurityPortal's linux-security list;
see http://listserv.securityportal.com/archives/linux-security.html)

LASER5 Linux
http://l5web.laser5.co.jp/ml/ml.html

Linux From Scratch
http://www.linuxfromscratch.org/services/mailinglistinfo.php

MkLinux
http://www.mklinux.org/mailinglists.html

ROCK Linux
http://www.rocklinux.org/

RTLinux
http://www.rtlinux.org/mailing_lists.html

Storm Linux
http://www.stormix.com/resources/community/maillists_html

Trinux
http://trinux.sourceforge.net/faq.html


It's entirely possible that someone else is already maintaining a
collection of this type of information. I haven't seen it though. If
there isn't yet a similar collection, I'll put together a web page
next week that includes only a list of each OS vendor and the minimal
information needed to get the security announcements for that OS.

Matt Power
BindView Corporation, RAZOR Team
mhpower@bos.bindview.com
(5885717) --------------------------------(Ombruten)