Security Portal: Writing Security Advisories - The Good, the Bad and the Ugly
Sep 14, 2000, 21:48
(Other stories by Kurt Seifried)
"I've been writing security digests now for several months, for Linux and BSD. This means I read pretty much every single vendor issued security advisory, along with advisories for software packages on Bugtraq and other mailing lists/websites/etc. I am happy to say that most Linux distributions and vendors are doing a pretty good job on their security advisories, but not all are perfect. A security advisory is a complex thing to write properly...."
"PGP/GnuPG keys: would it be too hard to have them signed properly and posted in an easy to find location on the Web? Caldera is especially guilty in this respect. I could not find their PGP key on their website, and when I searched the keyservers I found several, but since their keys are not signed by any other keys (self signed, absolutely useless) they are of questionable value. Shame on Caldera. Vendors should get together and at least sign each others' keys, and maybe get luminaries such as Linus Torvalds or Werner Koch (author of GnuPG) to sign their keys."
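The check the quoted paragraph asks for, as an added example that is not part of Seifried's article: a small parser for the machine-readable output of `gpg --with-colons --list-sigs` that flags keys whose only certifications are self-signatures. The key IDs and user IDs in the embedded sample are constructed, not real vendor keys.

```python
"""Flag PGP keys that carry no third-party certifications.

Parses the colon-delimited output of `gpg --with-colons --list-sigs <KEYID>`
(record type in field 1, key ID in field 5). A "sig" record whose key ID
equals the enclosing "pub" key ID is a self-signature; anything else is a
certification by another key.
"""

# Constructed sample in gpg's colon format; key IDs and names are hypothetical.
SAMPLE = """\
pub:u:2048:17:AAAA1111BBBB2222:2000-09-01:::u:::scaESCA:
uid:u::::2000-09-01::XX::Example Vendor Security <security@vendor.example>:
sig:::17:AAAA1111BBBB2222:2000-09-01::::Example Vendor Security <security@vendor.example>:13x:
pub:u:2048:17:CCCC3333DDDD4444:2000-09-01:::u:::scaESCA:
uid:u::::2000-09-01::YY::Other Vendor Security <security@other.example>:
sig:::17:CCCC3333DDDD4444:2000-09-01::::Other Vendor Security <security@other.example>:13x:
sig:::17:EEEE5555FFFF6666:2000-09-05::::Well Known Signer <signer@example.org>:10x:
"""


def third_party_signers(colon_output):
    """Return {key_id: set of signer key IDs other than the key itself}."""
    result = {}
    current = None
    for line in colon_output.splitlines():
        fields = line.split(":")
        rtype = fields[0]
        if rtype == "pub":
            current = fields[4]
            result[current] = set()
        elif rtype == "sig" and current is not None:
            signer = fields[4]
            if signer != current:
                result[current].add(signer)
        # "rev" (revocation) and "sub" (subkey) records are ignored here.
    return result


def self_signed_only(colon_output):
    """Key IDs that have no certification from any other key."""
    return sorted(k for k, s in third_party_signers(colon_output).items() if not s)


if __name__ == "__main__":
    for key_id in self_signed_only(SAMPLE):
        print(f"{key_id}: only self-signed, no third-party certification")
```

A third-party signature only helps if the signer's key is itself one you trust; that is a separate web-of-trust decision, which this check does not make.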