Date: Tue, 16 May 2017 17:39:45 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: NetBSD/pkgsrc membership on distros list Hi, A few individuals from/for NetBSD/pkgsrc joined the non-public distros list a while ago. Unfortunately, lately they appear to have become inactive. Thus, I am likely to remove NetBSD/pkgsrc from the distros list soon unless the membership is "renewed" through demonstrated interest and vulnerability response by specific people from there. I notice NetBSD security team is still active in terms of issuing of public security advisories (latest one posted on March 24), but the way the situation looks to me (and I admit I could be wrong) those advisories are not produced by the same people who had joined distros. So maybe NetBSD needs to nominate their currently active security people for distros membership on behalf of their project. I could figure out who the active NetBSD security people are now and approach them, but that's mostly not how distros membership applications worked so far - specifically, I'd like membership to be requested by each distros' security team. I don't want to be pinging them about it myself, as that could result in some joining just because they were invited/reminded like that rather than because of genuine interest. Similarly, I intentionally don't CC this posting to anyone - if someone (perhaps from NetBSD) is not in here, then even if they're doing security response for their distro they are not an ideal representative for their distro on the distros list. That's because we assume that the distro also keeps track of whatever issues are being made public on oss-security (with most of those issues never having been brought up on the distros list, so by being only on distros the person would miss most issues they might need to deal with). If anyone from NetBSD who is on oss-security has anything relevant to say on this, please speak up. Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ