Date: Thu, 23 Jan 2014 22:42:03 +0100 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: rf@...eap.de Subject: Re: linux-distros membership On Wed, Jan 22, 2014 at 04:29:13AM +0400, Solar Designer wrote: > As to "the details of the process", we don't currently have it fully > formalized. We did have a simple process for accepting a subset of > old vendor-sec members into the distros and linux-distros lists, but > after that point I'm afraid we never arrived at a decision on whether we > should introduce a voting/vouching process like vendor-sec had. > Instead, we had a few discussions in here, like the one we're having now > due to your request. There were several membership requests that I > think fell in the grey area, and I think yours does too: it's not > unreasonable, but it fails to convince me that Qlustar being on > linux-distros would likely significantly benefit the users of your > distro. Is anyone else in here convinced? (Genuine question.) I'm not convinced. There's a three digit number of Debian-derived distros and many of them come and go. The oldest Qlustar advisory is less than a year old and there's no visible participation in any security processes. We maintain the http://anonscm.debian.org/viewvc/kernel-sec/ repository which tracks all kernel vulnerabilities as soon as they're public. That's a good base for every Debian-derived distro with a modified kernel. Cheers, Moritz [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ