Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 09 Apr 2014 23:57:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matt Wilson <msw@...zon.com>, Max Spevack <spevack@...zon.com>,
        Anthony Liguori <aliguori@...zon.com>
Subject: Re: Request for linux-distros list membership

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/09/2014 09:13 PM, Anthony Liguori wrote:
> On 04/09/14 19:04, Kurt Seifried wrote:
>> On 04/09/2014 09:23 AM, Anthony Liguori wrote:
>>> Hi,
> 
>>> I would like to request membership to the closed linux-distros 
>>> mailing list on behalf of the Amazon Linux AMI distribution.
>>> We do not currently have anyone on this list from Amazon but
>>> we would like to change that.  The Amazon Linux AMI
>>> distribution is RPM based, optimized for EC2, and tracks a
>>> number of packages (including the kernel) directly from
>>> upstream.
> 
>>> Here is my GPG fingerprint:
> 
>>> pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4
>>> 390F A270 BC30  4A93 1AAD C710 5682 E5FF uid
>>> Anthony Liguori <anthony@...emonkey.ws> sub   2048R/44FFA77F
>>> 2013-07-30
> 
>>> I'm sending this from my personal account since this is the uid
>>>  associated with my GPG key but I would prefer to be subscribed
>>> to my @amazon.com (CC'd here).
> 
>>> If anyone has any questions, please don't hestitate to ask. 
>>> Thanks for your consideration!
> 
>>> Regards,
> 
>>> Anthony Liguori
> 
>> I find it a bit odd you can't send this from your work email 
>> address. Would it be possible to add that email address to your
>> key and then use your work email address?
> 
> We use DKIM which doesn't work very well with all mailing lists.
> You should receive this okay since you are on CC but I'm not sure
> everyone will get this through the mailing list.  If it doesn't
> make it, I'll send this same (signed) message via the
> @codemonkey.ws address.
> 
> I also added this address as a uid to my key.  Here it is again:
> 
> pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 390F
> A270 BC30  4A93 1AAD C710 5682 E5FF uid                  Anthony
> Liguori <aliguori@...zon.com> uid                  Anthony Liguori
> <anthony@...emonkey.ws> sub   2048R/44FFA77F 2013-07-30
> 
>> I guess I'm wondering is this an official request on behalf of 
>> Amazon or some random Amazon (employee? contractor?) asking for 
>> access to distros@.
> 
> Yes, this is an official request on behalf of Amazon.  I am
> requesting access on behalf of the Amazon Linux AMI team[1].
> 
> [1] http://aws.amazon.com/amazon-linux-ami/
> 
> Regards,
> 
> Anthony Liguori

So first off I'm inclined to have Amazon on the distros list (same
reasons as Oracle basically).

My only concern is are you the correct person, I have no clue who is
on the Amazon security team for their Linux distribution, I've never
seen you post anything anywhere.

Your search - site:aws.amazon.com Anthony Liguori - did not match any
documents.

Your search - site:aws.amazon.com aliguori@...zon.com - did not match
any documents.

Can we somehow get confirmation from Amazon that this is the right
person to have on distros? Thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTRjLNAAoJEBYNRVNeJnmTWdMQAMyhe8Y5+8mgOMNkFCAhe7ee
u5dAkDGzCeywxNh7W10/9pgcB2raHCNahzEdNWTuc2SvE4Wjc7GLIlTdJ7MWPSYc
xag1ZStqiO0LrxY1CZWe69MAMYDpNo0a5rodxoWRZtrAnQLh7gX3KLcPKdtBHOvI
7GXK9QX0kf6elCmSHumMTvz8nr+mHgD6t1y0YNuj/hzx+9Z5fZoeuCVQdDMp3tdR
8O/gIz7c4HPGGy7CtbF8CYc8cI6tz/OfrxLBbkBY7Xy1+QIqL5Av3dZkX81Oiy6D
X2o8ne96NJ846TUgRavqDFJhJpTodA2i2jOuDp0n+cOCkhUI8L9cqkHyKBCBR5sU
cqzTfl7o39y/CE+fmRI6EvORgoW3mRisUPhoyoz398vcSBzMJGhpUcnIvthCAYs1
LX7yebnRVjTvPwJ3FOYRL+eiutQcN2rMdVsTVoi6EfpIVq1RvU4aNPBM0xmNqIVl
iZj1jQVEkI+7WOK0grjyNks7+uTW0ERD98B25ojehPxkoNyl+tdgsl1Dp1ddX59E
p8YDB1B1/FKGlcP4tKQ0jRxFocgP3N1BY5a1xepVwGwJrYoOubQeg3XX+frzzE4i
rLBtEjgBr6lgLdBt9uG5bAH1vH9WeS/yCDKYwSR0moZxI2TFF1i4J9/oDcqlIOnn
ew+c5LXc8fx2zWChjJsY
=KMGp
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ