Date: Wed, 28 Jun 2017 02:27:58 +0000 From: Sven Dowideit <sven@...cher.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: Re: CoreOS membership to linux-distros I'm also curious to know where the lines are. I'm responsible for RancherOS, and think that both I, and my users would prefer that I had access to the embargoed information earlier, so preparing a response would have been less of a rush. One of the things that would have made my last week less worrying, is to have some access to exploit code - so as to verify the changes actually had a useful effect. RancherOS is a container oriented micro-linux distro with uptake in hybrid and on-premis clouds We have the beginnings of an advisory page at http://rancher.com/docs/os/security/ And are happy to comply with embargos. Also - keep up the awesome work - its impressive! ________________________________ From: Euan Kemp <euan.kemp@...eos.com> Sent: 27 June 2017 15:52:49 To: oss-security@...ts.openwall.com Subject: Re: [oss-security] CoreOS membership to linux-distros On 06/27/2017 03:13 PM, Kurt Seifried wrote: > My main question would be what expertise do you have in helping with > security issues, e.g. kernel/glibc/other engineering talent? Or do you > simply need this as a consumer of such data (e.g. so you can get containers > ready to respin for embargoed issues, and to be clear, I'm not opposed to > this type of consumption if it's in the public interest, you won't break > embargoes, etc.). To clarify your example, we're primarily concerned with preparing updates for our distribution's kernel and userland, not for containers. We'd be happy to help when we're able to, but our intent is mainly consumption for the security of our users. We'll, of course, respect embargoes. - Euan
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ