Message-ID: <20170802120117.GA18748@openwall.com>
Date: Wed, 2 Aug 2017 14:01:17 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: security@...e.de
Subject: Re: CoreOS membership to linux-distros (updated)

On Wed, Aug 02, 2017 at 12:11:20PM +0200, Johannes Segitz wrote:
> On Tue, Aug 01, 2017 at 10:54:14PM +0200, Solar Designer wrote:
> > I keep the wiki page up to date:
> > 
> > http://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back
> 
> SUSE has been active in the past in various activities listed in the
> document and will continue to do so. Officially we would like to commit to
> task 5 and 10.

Thank you.  This results in:

5. Determine if the reported issues are Linux-specific, and if so help
ensure that (further) private discussion goes on the linux-distros
sub-list only (thus, not spamming and unnecessarily disclosing to the
non-Linux distros)
- primary: SUSE, backup: vacant

10. Monitor relevant public channels (mailing lists, code repositories,
etc.) and inform the reporter and the list in case an issue is made
public prematurely (that is, leaks or is independently rediscovered)
- primary: Amazon, backup: SUSE

This leaves without an assigned distro only 1 of 13 administrative tasks
requiring (linux-)distros list membership to handle:

4. Evaluate relevance to other parties such as the upstream, other
affected distros (not present on the (sub-)list), and other Open Source
projects, see if the report mentions notifying any of these, communicate
your findings and possible concerns to the reporter and the list, and
stay on top of the resulting discussion until a decision is made on who
else to possibly notify (or not) and any such notifications are in fact
made (with the reporter's approval)

This is counterpart to task "5. Determine if the reported issues are
Linux-specific ..." above.  Handling of this task "4. Evaluate relevance
to other parties ..." includes bringing discussions from linux-distros
to the full distros list when relevant to the *BSD's (and/or to whatever
other non-Linux distros are on that list at the time, if any join by
then), and a lot more.

Also still fully vacant are 3 out of 6 technical tasks.

Alexander
