Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Jan 2014 22:42:03 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: rf@...eap.de
Subject: Re: linux-distros membership

On Wed, Jan 22, 2014 at 04:29:13AM +0400, Solar Designer wrote:
> As to "the details of the process", we don't currently have it fully
> formalized.  We did have a simple process for accepting a subset of
> old vendor-sec members into the distros and linux-distros lists, but
> after that point I'm afraid we never arrived at a decision on whether we
> should introduce a voting/vouching process like vendor-sec had.
> Instead, we had a few discussions in here, like the one we're having now
> due to your request.  There were several membership requests that I
> think fell in the grey area, and I think yours does too: it's not
> unreasonable, but it fails to convince me that Qlustar being on
> linux-distros would likely significantly benefit the users of your
> distro.  Is anyone else in here convinced?  (Genuine question.)

I'm not convinced. There's a three digit number of Debian-derived distros 
and many of them come and go. The oldest Qlustar advisory is less than 
a year old and there's no visible participation in any security processes.

We maintain the http://anonscm.debian.org/viewvc/kernel-sec/ repository
which tracks all kernel vulnerabilities as soon as they're public. That's
a good base for every Debian-derived distro with a modified kernel.

Cheers,
        Moritz


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ