Security announcement subscriptions (was: [Security Advisory] CVE-2020-14156 ...)

Joseph Reynolds jrey at linux.ibm.com
Wed Jun 17 05:17:51 AEST 2020


On 6/16/20 12:35 PM, Lee Fisher wrote:
> Hi,
>
> In addition to a web page showing how to submit security issues, it
> would be nice if there was a web page showing OpenBMC CVEs. And/or a
> mailing list to announce OpenBMC security advisories. Having to
> subscribe to the dev list and watch the issue tracking system for CVEs
> will only keep security awareness isolated to OpenBMC devs.

Lee,  +cc: openbmc email list

I agree.  The security wiki [1] has a query to show all security 
advisories [2].  We had discussed creating an 
openbmc-public-security-announcements email list that you could 
subscribe to.  I'll add an item to the security working group agenda [3] 
to discuss the email again.

- Joseph

[1]: https://github.com/openbmc/openbmc/wiki/Security-working-group
[2]: https://github.com/openbmc/openbmc/issues?utf8=%E2%9C%93&q=Security+Advisory
[3]: https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI

>
> Thanks,
> Lee
>
> On 6/15/20 12:31 PM, Joseph Reynolds wrote:
>> The OpenBMC Security Response team has released an OpenBMC Security
>> Advisory: https://github.com/openbmc/openbmc/issues/3670 Thanks to
>> everyone who helped work on this. An OpenBMC Security Advisory
>> explains a security vulnerability, its severity, and how to protect
>> systems that are built on OpenBMC. For more information about OpenBMC
>> Security Response, see:
>> https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md
>> - Joseph
>>


