Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Apr 2014 23:13:33 -0700
From: Matt Wilson <msw@...zon.com>
To: Kurt Seifried <kseifried@...hat.com>
CC: <oss-security@...ts.openwall.com>, Max Spevack <spevack@...zon.com>,
        Anthony Liguori <aliguori@...zon.com>, "Mark J. Cox" <mjc@...hat.com>,
        Cristian Gafton <gafton@...zon.com>
Subject: Re: Request for linux-distros list membership

On Wed, Apr 09, 2014 at 11:57:33PM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 04/09/2014 09:13 PM, Anthony Liguori wrote:
> > On 04/09/14 19:04, Kurt Seifried wrote:
> >> On 04/09/2014 09:23 AM, Anthony Liguori wrote:
> >>> Hi,
> > 
> >>> I would like to request membership to the closed linux-distros 
> >>> mailing list on behalf of the Amazon Linux AMI distribution.
> >>> We do not currently have anyone on this list from Amazon but
> >>> we would like to change that.  The Amazon Linux AMI
> >>> distribution is RPM based, optimized for EC2, and tracks a
> >>> number of packages (including the kernel) directly from
> >>> upstream.
> > 
> >>> Here is my GPG fingerprint:
> > 
> >>> pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4
> >>> 390F A270 BC30  4A93 1AAD C710 5682 E5FF uid
> >>> Anthony Liguori <anthony@...emonkey.ws> sub   2048R/44FFA77F
> >>> 2013-07-30
> > 
> >>> I'm sending this from my personal account since this is the uid
> >>>  associated with my GPG key but I would prefer to be subscribed
> >>> to my @amazon.com (CC'd here).
> > 
> >>> If anyone has any questions, please don't hestitate to ask. 
> >>> Thanks for your consideration!
> > 
> >>> Regards,
> > 
> >>> Anthony Liguori
> > 
> >> I find it a bit odd you can't send this from your work email 
> >> address. Would it be possible to add that email address to your
> >> key and then use your work email address?
> > 
> > We use DKIM which doesn't work very well with all mailing lists.
> > You should receive this okay since you are on CC but I'm not sure
> > everyone will get this through the mailing list.  If it doesn't
> > make it, I'll send this same (signed) message via the
> > @codemonkey.ws address.
> > 
> > I also added this address as a uid to my key.  Here it is again:
> > 
> > pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 390F
> > A270 BC30  4A93 1AAD C710 5682 E5FF uid                  Anthony
> > Liguori <aliguori@...zon.com> uid                  Anthony Liguori
> > <anthony@...emonkey.ws> sub   2048R/44FFA77F 2013-07-30
> > 
> >> I guess I'm wondering is this an official request on behalf of 
> >> Amazon or some random Amazon (employee? contractor?) asking for 
> >> access to distros@.
> > 
> > Yes, this is an official request on behalf of Amazon.  I am
> > requesting access on behalf of the Amazon Linux AMI team[1].
> > 
> > [1] http://aws.amazon.com/amazon-linux-ami/
> > 
> > Regards,
> > 
> > Anthony Liguori
> 
> So first off I'm inclined to have Amazon on the distros list (same
> reasons as Oracle basically).
> 
> My only concern is are you the correct person, I have no clue who is
> on the Amazon security team for their Linux distribution, I've never
> seen you post anything anywhere.

Perhaps Google "Anthony Liguori site:qemu.org"

> Your search - site:aws.amazon.com Anthony Liguori - did not match any
> documents.
> 
> Your search - site:aws.amazon.com aliguori@...zon.com - did not match
> any documents.
> 
> Can we somehow get confirmation from Amazon that this is the right
> person to have on distros? Thanks.

Apologies for not having PGP set up for my work email.

I can confirm that Anthony is one of several correct people for
dealing with security issues relating to Amazon Linux AMI. Cristian
Gafton and I also deal with security issues, as we did in the Olden
vendor-sec Days at Red Hat and rPath. I've added Mark Cox to CC: in
case he'd like to weigh in on our backgrounds.

Max Spevack, previous Fedora Project leader and the manager in charge
of Amazon Linux AMI, is also on Cc:.

Today we're just looking to get Anthony added to linux-distros as the
primary contact.

--msw

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ