|
Message-ID: <509800E8.5080604@redhat.com> Date: Mon, 05 Nov 2012 11:09:44 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: Request for linux-distros@...openwall.org membership -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/05/2012 10:53 AM, Henri Salo wrote: > On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru wrote: >> I recently joined the Montavista Security team and request >> membership to thelinux-distros@...openwall.org list, so that I >> may participate fully in reporting and fixing vulnerabilities in >> Montavista. Here is my GPG fingerprint: >> >> pub 2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4 3116 >> 8D5C D3C0 2A15 EADE D5B2 5DA0 60C7 uid >> Premchand Koneru<pkoneru@...sta.com >> <mailto:pkoneru@...sta.com>> sub 2048R/BE364B01 2012-11-05 >> >> Thank you for consideration. > > This is first time I heard about Montavista. Where is your package- > and bug-tracker? Does Montavista use CVE? > > - Henri Salo > Also how do we confirm you are on the security team there? I can't even find proof you work for Montavista (other than the email address) and I can't find any mention of a person called "Premchand Koneru" doing security work in the past. I did manage to find a CVE page of sorts: http://www.mvista.com/cve_vulnerabilities.php For 2012 you appear to have fixed one Linux security flaw out of the 7 listed (the rest are OpenSSL/OpenSSH), so I'm not really sure why you would need access to distros@ if you aren't fixing Linux related security issues any ways? - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQmADoAAoJEBYNRVNeJnmTV/MP/RpOjpvT1HWlxY0x8NEFWOgG AKK4OhUyH+wi/ECyhzoo9TaUvClXILrBwIcWvq2rRkVOEddzDfvmQyACSxuqTOwh D4ectq352nfwccTmBTOPL1WdbknFrhPD6NrVoXF1hvef65CKV6A2HlX8j/shWCs2 3YhjwzHZgBP/ueeuXwa+Ki9NmuQQvy4XsVMmr6zxCdaZA6GhmvJGP19tsmUcl9dZ Km9nrQ1D8ia0/gG07l740BEDX7Hw08AKshWt8+fvbeCXKvepLryIL8rpV4bqgqAq z2WuJ3GiQSSMbXII/xrtrqknzOQsB1eRW8hjsthG45UewJ2kZ4aF4vFrDzPMCvDX lk+YPcB98SZfWHkRmuH4tn0bMTFVGn3xFWZ4hwr3qy9L+v3oHpV/l38z3HgmN7v8 NgfEn0X5Fj6GsYE429hGRXARs/CsNeMN5mYPO3sYbH7Sl6Y/iv9kAfpxcZhf5Xyw hZVwoditoy/nkisoShl9WniHLm4z21Zkl9k8nHwDQ8dZbjZvllNb0kR1a7cBKJWF hL2mEfwhbulJ+XOTr8hi9itgXOYTLddUtCL4fX/Yv7keTn7O1W63sejIf9uqnNjV y0My68LsnXzsn1+wpgefDXIyhfl/3pLtGVpyLWUJJkK4WK3OyIoQeSD3OyM1hWhv 9fiD6tELhvhINEY2O2sy =iMG8 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.