|
Message-ID: <5099285C.9040704@mvista.com> Date: Tue, 06 Nov 2012 07:10:20 -0800 From: akuster <akuster@...sta.com> To: oss-security@...ts.openwall.com CC: Kurt Seifried <kseifried@...hat.com> Subject: Re: Request for linux-distros@...openwall.org membership -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kurt, On 11/05/2012 10:09 AM, Kurt Seifried wrote: > On 11/05/2012 10:53 AM, Henri Salo wrote: >> On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru >> wrote: >>> I recently joined the Montavista Security team and request >>> membership to thelinux-distros@...openwall.org list, so that >>> I may participate fully in reporting and fixing vulnerabilities >>> in Montavista. Here is my GPG fingerprint: >>> >>> pub 2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4 >>> 3116 8D5C D3C0 2A15 EADE D5B2 5DA0 60C7 uid Premchand >>> Koneru<pkoneru@...sta.com <mailto:pkoneru@...sta.com>> sub >>> 2048R/BE364B01 2012-11-05 >>> >>> Thank you for consideration. > >> This is first time I heard about Montavista. Where is your >> package- and bug-tracker? Does Montavista use CVE? > >> - Henri Salo > > > Also how do we confirm you are on the security team there? I can't > even find proof you work for Montavista (other than the email > address) and I can't find any mention of a person called "Premchand > Koneru" doing security work in the past. > > I did manage to find a CVE page of sorts: > > http://www.mvista.com/cve_vulnerabilities.php > > For 2012 you appear to have fixed one Linux security flaw out of > the 7 listed (the rest are OpenSSL/OpenSSH), so I'm not really sure > why you would need access to distros@ if you aren't fixing Linux > related security issues any ways? I am not surprised that our list is behind. I did mention there would be a 3 month delay in new postings back when I was trying to get MontaVista back on the closed list which seemed acceptable at the time. This delay seems excessive. I will ping my management again. If you feel that MV should be dropped from the list-distros list, then so be it. I do realize this list is maintained by volunteers and today's rules are based on previous emails (kinda hard me to follow). I do hope the requirements listed at http://oss-security.openwall.org/wiki/mailing-lists/distros will be update with "How to maintain membership" and "How to ack/nack additional team members memberships". Kind regards, Armin -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQmShbAAoJEH91cpWuue2Nvl0P/2PfDeNSrUV8CE7oZ0GNgUGs wXEmJGEBtplvACUOiQ8P2tOoLHrke790hkF0LaLK7bHryKzTFtNHftVxc87Qu2cR V8ej/y7jO8/IGOYdAMS6W1dPPCZtmuVEEE2v6FGNtOGavy9LDYZRYOVBUUNB8yxr BtY40cTyAWHHaF/IZCoFw5tbaHLhl2bM9VrU0ws98t1mbG5kRV+HGJqnTvDJbTz9 wcLIIBltehQn0u5WduDdWIZBo3hYT9mvg3hidDZ+Azag921/Caa6cuC+m5es/W2v wuU6GFt6KEPLs1LM+r/Uw0Ip/ilZnDWJIe8KPX/aTQDMQ5SzNkj+GkG/cEW7sMZe W8tEesag+nBuMEshtYXjILLCtOnE0NbwgaY2eHLRjZBU66WWObbeQ/upNgnKvq/X NVrv5MKyt66NpehjGBt13Ty4k/HEOkswUQl8gmCm+x9F+Rhqdky2Ore1HyjIb/cR 5zstHdR2ZKodS5YAoiV2HfIFdfd6brymqZcNHEYfhYPnFxvaq/XNL2CRfLpvhmHT syKQhach2t5B2EFcED734ytGnnAMExF6S+6ItQ6zChEKnb/jFXQX6m1HEYpWmzn3 thDO7RD6TEzL1EVJ5U2eEF8IXMe1QKIZdB1X/mJ99OPe0N9FYj8fJhEAz2430ej1 XjebBQngww0tU0Cod8Aq =9Lc5 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.