Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 06 Nov 2012 07:10:20 -0800
From: akuster <akuster@...sta.com>
To: oss-security@...ts.openwall.com
CC: Kurt Seifried <kseifried@...hat.com>
Subject: Re: Request for linux-distros@...openwall.org membership

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt,

On 11/05/2012 10:09 AM, Kurt Seifried wrote:
> On 11/05/2012 10:53 AM, Henri Salo wrote:
>> On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru
>> wrote:
>>> I recently joined the Montavista Security team and request 
>>> membership to thelinux-distros@...openwall.org  list, so that
>>> I may participate fully in reporting and fixing vulnerabilities
>>> in Montavista. Here is my GPG fingerprint:
>>> 
>>> pub   2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4
>>> 3116 8D5C D3C0  2A15 EADE D5B2 5DA0 60C7 uid Premchand
>>> Koneru<pkoneru@...sta.com <mailto:pkoneru@...sta.com>> sub
>>> 2048R/BE364B01 2012-11-05
>>> 
>>> Thank you for consideration.
> 
>> This is first time I heard about Montavista. Where is your
>> package- and bug-tracker? Does Montavista use CVE?
> 
>> - Henri Salo
> 
> 
> Also how do we confirm you are on the security team there? I can't 
> even find proof you work for Montavista (other than the email
> address) and I can't find any mention of a person called "Premchand
> Koneru" doing security work in the past.
> 
> I did manage to find a CVE page of sorts:
> 
> http://www.mvista.com/cve_vulnerabilities.php
> 
> For 2012 you appear to have fixed one Linux security flaw out of
> the 7 listed (the rest are OpenSSL/OpenSSH), so I'm not really sure
> why you would need access to distros@ if you aren't fixing Linux
> related security issues any ways?

I am not surprised that our list is behind. I did mention there would
be a 3 month delay in new postings back when I was trying to get
MontaVista back on the closed list which seemed acceptable at the
time. This delay seems excessive. I will ping my management again.

If you feel that MV should be dropped from the list-distros list, then
so be it.

I do realize this list is maintained by volunteers and today's rules
are based on previous emails (kinda hard me to follow).

I do hope the requirements listed at

http://oss-security.openwall.org/wiki/mailing-lists/distros

will be update with "How to maintain membership" and "How to ack/nack
additional team members memberships".

Kind regards,
Armin



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQmShbAAoJEH91cpWuue2Nvl0P/2PfDeNSrUV8CE7oZ0GNgUGs
wXEmJGEBtplvACUOiQ8P2tOoLHrke790hkF0LaLK7bHryKzTFtNHftVxc87Qu2cR
V8ej/y7jO8/IGOYdAMS6W1dPPCZtmuVEEE2v6FGNtOGavy9LDYZRYOVBUUNB8yxr
BtY40cTyAWHHaF/IZCoFw5tbaHLhl2bM9VrU0ws98t1mbG5kRV+HGJqnTvDJbTz9
wcLIIBltehQn0u5WduDdWIZBo3hYT9mvg3hidDZ+Azag921/Caa6cuC+m5es/W2v
wuU6GFt6KEPLs1LM+r/Uw0Ip/ilZnDWJIe8KPX/aTQDMQ5SzNkj+GkG/cEW7sMZe
W8tEesag+nBuMEshtYXjILLCtOnE0NbwgaY2eHLRjZBU66WWObbeQ/upNgnKvq/X
NVrv5MKyt66NpehjGBt13Ty4k/HEOkswUQl8gmCm+x9F+Rhqdky2Ore1HyjIb/cR
5zstHdR2ZKodS5YAoiV2HfIFdfd6brymqZcNHEYfhYPnFxvaq/XNL2CRfLpvhmHT
syKQhach2t5B2EFcED734ytGnnAMExF6S+6ItQ6zChEKnb/jFXQX6m1HEYpWmzn3
thDO7RD6TEzL1EVJ5U2eEF8IXMe1QKIZdB1X/mJ99OPe0N9FYj8fJhEAz2430ej1
XjebBQngww0tU0Cod8Aq
=9Lc5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.