You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Daniel Sahlberg <da...@gmail.com> on 2022/06/26 06:36:12 UTC

Removing bugtraq@securityfocus.com from release announcement template

Hi,

Due to Bugtraq effectively being dead since January 2021 (Wikipedia[1]:
"Bugtraq _was_ an electronic mailing list..."; no new messages
since January 16th [2] [3]) and our latest release announcement e-mail
bounced (reported by the RM in private@ [4]).

There seems to have been plans to re-open Bugtraq but I can't find evidence
of it materialising.

I'm suggesting to remove bugtraq@securityfocus.com from our release
announcement template.

[[[
Index: tools/dist/templates/stable-release-ann.ezt
===================================================================
--- tools/dist/templates/stable-release-ann.ezt (revision 1900694)
+++ tools/dist/templates/stable-release-ann.ezt (working copy)
@@ -1,7 +1,7 @@
 From: ...@apache.org
 To: announce@subversion.apache.org, users@subversion.apache.org,
dev@subversion.apache.org
 Reply-To: users@subversion.apache.org
-[if-any security]Cc: security@apache.org, oss-security@lists.openwall.com,
bugtraq@securityfocus.com
+[if-any security]Cc: security@apache.org, oss-security@lists.openwall.com
 [end][if-any security]Subject: [[]SECURITY][[]ANNOUNCE] Apache Subversion
[version] released
 [else]Subject: [[]ANNOUNCE] Apache Subversion [version] released
 [end]
]]]

If anyone has other information, or suggestions for other lists that should
be suitable additions, please speak up, otherwise I'll commit as above in a
few days.

Kind regards,
Daniel


[1] https://en.wikipedia.org/wiki/Bugtraq
[2] https://marc.info/?l=bugtraq&r=1&w=2
[3] https://seclists.org/bugtraq/
[4] https://lists.apache.org/thread/3gto9dkvp1hn1qc5gw4fmpd3zjqc3cr4
[5] https://www.accenture.com/us-en/blogs/cyber-defense/future-of-bugtraq

Re: Removing bugtraq@securityfocus.com from release announcement template

Posted by Nathan Hartman <ha...@gmail.com>.

On Sun, Jun 26, 2022 at 2:36 AM Daniel Sahlberg
<da...@gmail.com> wrote:
>
> Hi,
>
> Due to Bugtraq effectively being dead since January 2021 (Wikipedia[1]: "Bugtraq _was_ an electronic mailing list..."; no new messages since January 16th [2] [3]) and our latest release announcement e-mail bounced (reported by the RM in private@ [4]).
>
> There seems to have been plans to re-open Bugtraq but I can't find evidence of it materialising.

Looking over the archives you linked in [3] it seems like quite a few
of the formerly active security lists have died down in the last few
years. I guess the CVE process has superseded these.

Since it's bouncing and looks improbable to make a comeback at this
stage, I think it's safe to remove it from our template.

+1 to commit.

Cheers,
Nathan