Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 May 2017 17:39:45 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: NetBSD/pkgsrc membership on distros list

Hi,

A few individuals from/for NetBSD/pkgsrc joined the non-public distros
list a while ago.  Unfortunately, lately they appear to have become
inactive.  Thus, I am likely to remove NetBSD/pkgsrc from the distros
list soon unless the membership is "renewed" through demonstrated
interest and vulnerability response by specific people from there.

I notice NetBSD security team is still active in terms of issuing of
public security advisories (latest one posted on March 24), but the way
the situation looks to me (and I admit I could be wrong) those
advisories are not produced by the same people who had joined distros.
So maybe NetBSD needs to nominate their currently active security people
for distros membership on behalf of their project.

I could figure out who the active NetBSD security people are now and
approach them, but that's mostly not how distros membership applications
worked so far - specifically, I'd like membership to be requested by
each distros' security team.  I don't want to be pinging them about it
myself, as that could result in some joining just because they were
invited/reminded like that rather than because of genuine interest.

Similarly, I intentionally don't CC this posting to anyone - if someone
(perhaps from NetBSD) is not in here, then even if they're doing
security response for their distro they are not an ideal representative
for their distro on the distros list.  That's because we assume that the
distro also keeps track of whatever issues are being made public on
oss-security (with most of those issues never having been brought up on
the distros list, so by being only on distros the person would miss most
issues they might need to deal with).

If anyone from NetBSD who is on oss-security has anything relevant to
say on this, please speak up.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ