From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,UNPARSEABLE_RELAY
	autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 21652 invoked from network); 27 Dec 2020 21:49:17 -0000
Received: from zero.zsh.org (2a02:898:31:0:48:4558:7a:7368)
  by inbox.vuxu.org with ESMTPUTF8; 27 Dec 2020 21:49:17 -0000
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=zsh.org; s=rsa-20200801; t=1609105757;
	 b=vZn9Vdy3Z2tokhfbzrWi3HEf8PeyX+7vzf3SJJyQViUeM8isvbE/Nev0d8a2ekIDOOZr6cu2nU
	  e3tWT/In8UT9h5Gz2pbU2RuludOLObLqof0WE6wUPSSUwPnxs/LRMc2ek0snJPAaFwbdXyrmsF
	  zjhV+Ve4vSqZXJ0DCYSnntVZj48YJqEagdCOMowVkeZhaf4VBFLQ6xWptqK+F36z2sV6M7/zS3
	  BNhmM5+ynTlOePNeYW/kfom6Zvjub4iU5gG2blVBIfmxbGwpS728RKKDysMmN/p9/fvFDT4QVa
	  874geIa7Vu+aNBRccl+dcWTqZDxgvZXaIL6VQvEsOJqNcA==;
ARC-Authentication-Results: i=1; zsh.org;
	iprev=pass (mx.spodhuis.org) smtp.remote-ip=94.142.241.89;
	dkim=pass header.d=spodhuis.org header.s=d202011e2 header.a=ed25519-sha256;
	dkim=pass header.d=spodhuis.org header.s=d202011 header.a=rsa-sha256;
	dmarc=pass header.from=spodhuis.org;
	arc=none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed; d=zsh.org; s=rsa-20200801; t=1609105757;
	bh=iv4Co7SXcRFk9UIGPApmER9ZPIfEi2RWaoPrfnjXISo=;
	h=List-Archive:List-Owner:List-Post:List-Unsubscribe:List-Subscribe:List-Help:
	  List-Id:Sender:In-Reply-To:Content-Type:MIME-Version:References:Message-ID:
	  Subject:To:From:Date:DKIM-Signature:DKIM-Signature:DKIM-Signature;
	b=VXZL+Iy0Cly6HTfB2mI8GgcqrzaKEA/8ztfpx0b0dehQQd9NgQCbZGghvoqX0N/FlXFGvt+iSw
	  G6RGEu2Ot+ZwJAPJvmlp1WeffRRBNBA0UJUDs9aEE0iULWOrz1ohPk1uCM/hOmAXRz2RAkdp+d
	  r8qYGVLoaKJAJekRhjZKmNoiMzemwijvIOfk6c/OJhceHgGn8j0I3kbW3VbOFz4RnZpbfzq5e3
	  CAQ53xSmhBSAzFmTKLvS1ZrBtr2BFtbVsguGwviQKe4RisI9Yf9MSfJoqZHtfsyLeAtiovZLvT
	  U+jT3js5ReOlcjG5Sdpolp/7Jcosk0XHHwyADNvViIT6mA==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=zsh.org;
	s=rsa-20200801; h=List-Archive:List-Owner:List-Post:List-Unsubscribe:
	List-Subscribe:List-Help:List-Id:Sender:In-Reply-To:Content-Type:MIME-Version
	:References:Message-ID:Subject:To:From:Date:Reply-To:Cc:
	Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:
	Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID;
	bh=HlroVzwmuPcSs1ahvEEnT8L6BDRPbD2kl2z2KAuBHLE=; b=ab1DrcP7xrLIfTxDzScbJvWuV9
	LwcTKRSGgJd8MOVsZsfE39TWQm1dXE160pd/nqUlrhRCkIjz6jeVN+57QMh4hoYRR06hvS9tGckk8
	UV+haKDNmQ0SQvM4x7xjUdOLONpC/kk/gBUU/fAxFeTi2Z2R5H/GfbJnoE9pYrYa2yIEX7/c6Eipe
	D68Fbd2iqHu9sfjf4Bm5zW/h6ze0xYXKQ4r/a8/wlk/zKr+EvGz6V45KZyqENjTyWtLqb7Oucm8Tm
	tvstA5oZXvrxstmlKU6YqeB4g5i/9eECuOPztZ/uOfuusYih+IJqTzFC0gbOx6RcilL7jB6AEQfQi
	0mpYGYzA==;
Received: from authenticated user by zero.zsh.org with local 
	id 1ktdud-000B8T-My; Sun, 27 Dec 2020 21:49:15 +0000
Authentication-Results: zsh.org;
	iprev=pass (mx.spodhuis.org) smtp.remote-ip=94.142.241.89;
	dkim=pass header.d=spodhuis.org header.s=d202011e2 header.a=ed25519-sha256;
	dkim=pass header.d=spodhuis.org header.s=d202011 header.a=rsa-sha256;
	dmarc=pass header.from=spodhuis.org;
	arc=none
Received: from mx.spodhuis.org ([94.142.241.89]:18168) (DNSSEC AD)
	by zero.zsh.org with esmtps (TLS1.3:TLS_AES_256_GCM_SHA384:256)
	id 1ktduL-000AzT-9E; Sun, 27 Dec 2020 21:48:57 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=spodhuis.org; s=d202011; h=OpenPGP:In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:To:From:Date:From:Reply-To:Subject:Date:To:Cc:
	Content-Transfer-Encoding:Content-ID:Content-Description:OpenPGP:Organization
	; bh=HlroVzwmuPcSs1ahvEEnT8L6BDRPbD2kl2z2KAuBHLE=; t=1609105737; x=1610315337
	; b=rKjnFjbb9VmKbXXeKZwY0QlWna+Z7s2P7ocq45D6AJ4Zb4OgtWdkPXd17oGe060ITZ+X4irBY
	BQ0TZT8ZtT3lEl3+udep9bRsyknAs0nEE2jA0f0LwijqOSpKMaIZl9TnBTIB4hc0C0tSjdkfB3Owh
	2azWMIJaL9gShKzDih2U/DUTfzHV7aDkZ6lhsw0fxHykrqFC4Bb/gw7abeK4TV7KEQuif0yjmRmXp
	dxetGNkCdNuqtMlr4Iio5Es4UNQ+w1Jua4lOuC5iPSE4YAg98o9gb9EanQ1meOPw/xyun8osyDvZ2
	WzwpHTtdhvkhPDljbu+YhBRjbdzIJ85/GjDyQw==;
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed;
	d=spodhuis.org; s=d202011e2; h=OpenPGP:In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:To:From:Date:From:Reply-To:Subject:Date:To:Cc:
	Content-Transfer-Encoding:Content-ID:Content-Description:OpenPGP:Organization
	; bh=HlroVzwmuPcSs1ahvEEnT8L6BDRPbD2kl2z2KAuBHLE=; t=1609105737; x=1610315337
	; b=wrqmktPwXdi9Co6kC4dx24cnZf5Zx99ifhMbBRTB4Jm3BcbZvfR1YfEbGaVKhLYmW9tfQeqlx
	s2X/I0mOu8hBA==;
Received: from authenticated user by smtp.spodhuis.org with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256)
	id 1ktduK-000AzM-VX; Sun, 27 Dec 2020 21:48:57 +0000
Date: Sun, 27 Dec 2020 16:48:54 -0500
From: Phil Pennock <zsh-workers+phil.pennock@spodhuis.org>
To: zsh-workers@zsh.org
Subject: Re: Security
Message-ID: <X+kBRpTydSUosZNw@fullerene.field.pennock-tech.net>
References: <paAbf-KNB0KbNKpcW3QUwRieHYlcjHX1JUBuWrVKyRFxy3huAGdvLPpI3AarFSLDymL3AP4TfrD_Pusx13LQUUoAxYUBOWasBoMDvSPvppk=@protonmail.com>
 <CAFOazAPaNLP6Yg6krO7mtcSrgoj=+rmg-=Awc-ju8rBfqKykUQ@mail.gmail.com>
 <9ukE0EnlTIntEcJ7b7nLSoq5E3XfeB-HtfyHk1Vmzoh_NojpSpL_amjhCixUBdb164pmStO4by1oduUBR0zCJpK0xGzrh2uz42flRXt96-8=@protonmail.com>
 <X+N714veDei3MIVm@andrew.cmu.edu>
 <Uzy4-LW1s3eKrllB-zw35G-ORZsJNQl6uPzDhishTuzE-QC_Hir0nOOi00r5bRdlm-N9GbNJL9gGifBuXxQt8QKlz7yATk4Ah4bxVqOjQKM=@protonmail.com>
 <a5f44f89-bec5-487d-aee3-8c4eb4f521fa@www.fastmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <a5f44f89-bec5-487d-aee3-8c4eb4f521fa@www.fastmail.com>
OpenPGP: url=https://www.security.spodhuis.org/PGP/keys/keys-2013rsa-2020cv25519.asc
X-Seq: 47761
Archived-At: <https://zsh.org/workers/47761>
X-Loop: zsh-workers@zsh.org
Errors-To: zsh-workers-owner@zsh.org
Precedence: list
Precedence: bulk
Sender: zsh-workers-request@zsh.org
X-no-archive: yes
List-Id: <zsh-workers.zsh.org>
List-Help: <mailto:sympa@zsh.org?subject=help>
List-Subscribe: <mailto:sympa@zsh.org?subject=subscribe%20zsh-workers>
List-Unsubscribe: <mailto:sympa@zsh.org?subject=unsubscribe%20zsh-workers>
List-Post: <mailto:zsh-workers@zsh.org>
List-Owner: <mailto:zsh-workers-request@zsh.org>
List-Archive: <http://www.zsh.org/sympa/arc/zsh-workers>
Archived-At: <http://www.zsh.org/sympa/arcsearch_id/zsh-workers/2020-12/X%2BkBRpTydSUosZNw%40fullerene.field.pennock-tech.net>

On 2020-12-25 at 16:06 +0000, Daniel Shahaf wrote:
> Sorry for the delay.  It sounds like you emailed _only_ Oliver, so he
> might simply be on holiday.  In any case, to avoid a single point of
> failure, please email the details to zsh-infra@zsh.org.  Thanks!
> 
> Note to -workers@: Folks who have dealt with previous security issues
> (or are otherwise trusted) and aren't already on -infra@ are welcome to
> join. Just send a subscription request the usual way.  (And yes,
> a separate -security@ list might be a good idea, or at least an alias.)

zsh-security@ now exists, we're kicking the tires.  I set it to
closed-to-new-subscribers, so Daniel might clean up after me and open it
to let people ask in the usual way.  (Sorry, I missed this thread before
and only saw it after closing out the stuff I had open for setup).

The -infra list is intended to be boring.  Several of the people you
want looking at security stuff are not subscribed and probably don't
want the spam of discussions about mailing-list bounce rates,
certificate renewals, etc.

-Phil