Date: Wed, 9 Apr 2014 23:13:33 -0700 From: Matt Wilson <msw@...zon.com> To: Kurt Seifried <kseifried@...hat.com> CC: <oss-security@...ts.openwall.com>, Max Spevack <spevack@...zon.com>, Anthony Liguori <aliguori@...zon.com>, "Mark J. Cox" <mjc@...hat.com>, Cristian Gafton <gafton@...zon.com> Subject: Re: Request for linux-distros list membership On Wed, Apr 09, 2014 at 11:57:33PM -0600, Kurt Seifried wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/09/2014 09:13 PM, Anthony Liguori wrote: > > On 04/09/14 19:04, Kurt Seifried wrote: > >> On 04/09/2014 09:23 AM, Anthony Liguori wrote: > >>> Hi, > > > >>> I would like to request membership to the closed linux-distros > >>> mailing list on behalf of the Amazon Linux AMI distribution. > >>> We do not currently have anyone on this list from Amazon but > >>> we would like to change that. The Amazon Linux AMI > >>> distribution is RPM based, optimized for EC2, and tracks a > >>> number of packages (including the kernel) directly from > >>> upstream. > > > >>> Here is my GPG fingerprint: > > > >>> pub 2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 > >>> 390F A270 BC30 4A93 1AAD C710 5682 E5FF uid > >>> Anthony Liguori <anthony@...emonkey.ws> sub 2048R/44FFA77F > >>> 2013-07-30 > > > >>> I'm sending this from my personal account since this is the uid > >>> associated with my GPG key but I would prefer to be subscribed > >>> to my @amazon.com (CC'd here). > > > >>> If anyone has any questions, please don't hestitate to ask. > >>> Thanks for your consideration! > > > >>> Regards, > > > >>> Anthony Liguori > > > >> I find it a bit odd you can't send this from your work email > >> address. Would it be possible to add that email address to your > >> key and then use your work email address? > > > > We use DKIM which doesn't work very well with all mailing lists. > > You should receive this okay since you are on CC but I'm not sure > > everyone will get this through the mailing list. If it doesn't > > make it, I'll send this same (signed) message via the > > @codemonkey.ws address. > > > > I also added this address as a uid to my key. Here it is again: > > > > pub 2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 390F > > A270 BC30 4A93 1AAD C710 5682 E5FF uid Anthony > > Liguori <aliguori@...zon.com> uid Anthony Liguori > > <anthony@...emonkey.ws> sub 2048R/44FFA77F 2013-07-30 > > > >> I guess I'm wondering is this an official request on behalf of > >> Amazon or some random Amazon (employee? contractor?) asking for > >> access to distros@. > > > > Yes, this is an official request on behalf of Amazon. I am > > requesting access on behalf of the Amazon Linux AMI team. > > > >  http://aws.amazon.com/amazon-linux-ami/ > > > > Regards, > > > > Anthony Liguori > > So first off I'm inclined to have Amazon on the distros list (same > reasons as Oracle basically). > > My only concern is are you the correct person, I have no clue who is > on the Amazon security team for their Linux distribution, I've never > seen you post anything anywhere. Perhaps Google "Anthony Liguori site:qemu.org" > Your search - site:aws.amazon.com Anthony Liguori - did not match any > documents. > > Your search - site:aws.amazon.com aliguori@...zon.com - did not match > any documents. > > Can we somehow get confirmation from Amazon that this is the right > person to have on distros? Thanks. Apologies for not having PGP set up for my work email. I can confirm that Anthony is one of several correct people for dealing with security issues relating to Amazon Linux AMI. Cristian Gafton and I also deal with security issues, as we did in the Olden vendor-sec Days at Red Hat and rPath. I've added Mark Cox to CC: in case he'd like to weigh in on our backgrounds. Max Spevack, previous Fedora Project leader and the manager in charge of Amazon Linux AMI, is also on Cc:. Today we're just looking to get Anthony added to linux-distros as the primary contact. --msw
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ