Date: Sun, 2 Jul 2017 20:07:46 +0200 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: linux-distros list membership application - CloudLinux Hi all, I am inclined to add CloudLinux to the linux-distros list unless there are well-reasoned objections. I'd appreciate any comments. On Sun, Jul 02, 2017 at 05:29:25PM +0300, Igor Seletskiy wrote: > I would like to apply for membership in linux-distros list for CloudLinux > OS. Please, see application attached. Thank you for posting this, Igor. I am most concerned about your answer to: > 4. Not be (only) downstream or a rebuild of another distro (or else we > need convincing additional justification of how the list membership > would enable you to release fixes sooner, presumably not relying on the > upstream distro having released their fixes first?) > Our kernel has significant amount of changes comparing to OpenVZ kernel > We also do slight modifications to Apache web server, ship customized > versions of PHP (multiple versions), python, ruby, MySQL and MariaDB that > are packaged by us, and not taken from upstream. So are you saying that you'll release fixes sooner (once you're on the linux-distros list) only for this subset of packages that are modified or packaged by you? What about the rest? > We would be happy to help with administrative tasks: > > 1. Promptly review new issue reports for meeting the list's requirements > and confirm receipt of the report and, when necessary, inform the reporter > of any issues with their report (e.g., obviously not actionable by the > distros) and request and/or propose any required yet missing information > (most notably, a tentative public disclosure date) > 2. If the proposed public disclosure date is not within list policy, > insist on getting this corrected and propose a suitable earlier date > > And possibly more in the future, as we have a better understanding of the > amount of work needed to handle those tasks. > We will need some handholding at first to make sure we do things correctly. OK. You'll likely need to choose additional/other tasks very soon since these trivial ones will likely transfer to another new distro joining, if one requests membership and meets the criteria shortly after you. > Please, find PGP related info Thanks. Out of the people you listed, you and Konstantin appear to have been on oss-security for a long while, but Leonid doesn't appear to be subscribed - or is he? If not, he probably needs to subscribe now. Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ