Message-ID: <20191030162423.GA9147@openwall.com>
Date: Wed, 30 Oct 2019 17:24:23 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Steven Rostedt <rostedt@...dmis.org>, sashal@...nel.org,
	amakhalov@...are.com, anishs@...are.com,
	Sharath George <sharathg@...are.com>, mijzerman@...are.com,
	Srivatsa Bhat <srivatsab@...are.com>,
	"Srivatsa S. Bhat" <srivatsa@...il.mit.edu>
Subject: Re: Membership application for linux-distros - VMware

Hello Srivatsa,

I've reviewed your request and the external resources you referenced,
and more, and I find the request very reasonable and satisfying our
stated requirements.  I also gave others on oss-security time to comment
if they wanted to, and we've only seen comments in favor.

Please send me your PGP key off-list and I'll add you to linux-distros.

Please see below on contributing back:

On Wed, Oct 23, 2019 at 12:08:48PM -0700, Srivatsa S. Bhat wrote:
> We would like to volunteer for the following tasks (but we would love
> your suggestions on taking up other tasks instead, depending on the
> current needs of the list).
> 
> Technical:
> 
> 4. Check if related issues exist in the same piece of software (e.g.,
> same bug class common across the software, or other kinds of bugs
> exist in its problematic component), and inform the list either way -
> primary: Ubuntu, backup: vacant
> 
> Administrative:
> 
> 5. Determine if the reported issues are Linux-specific, and if so help
> ensure that (further) private discussion goes on the linux-distros
> sub-list only (thus, not spamming and unnecessarily disclosing to the
> non-Linux distros) - primary: SUSE, backup: vacant

This is a good choice, thanks!

I'd like you to pick a primary role for some task.  As an option, we can
make you primary for "5. Determine if the reported issues are
Linux-specific ...", moving SUSE to backup.

Please let me know of your final choice, as well as where you'd like to
be primary and where to join as a backup.

We also need a distro to volunteer for the only currently completely
unassigned task requiring list membership, Technical 6:

6. Produce and share well-reasoned estimates for the time required to
handle the issues under embargo (such as to (re)negotiate the public
disclosure date and/or to choose between the different ways to handle an
issue)

I mention this not only in response to you, but also in case any other
distro would take this opportunity to volunteer for this task.  I guess
that same distro could also be involved in Technical 1 and/or 2 since
the time estimates and schedules could reasonably come out of such work:

1. Propose (other) ways to fix, work around, or mitigate the reported
issues - primary: Red Hat, backup: vacant

2. Develop and share fixes, workarounds, or mitigations - primary: Red Hat,
backup: vacant

Any takers?

Alexander
