Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 2 Aug 2017 14:01:17 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: security@...e.de
Subject: Re: CoreOS membership to linux-distros (updated)

On Wed, Aug 02, 2017 at 12:11:20PM +0200, Johannes Segitz wrote:
> On Tue, Aug 01, 2017 at 10:54:14PM +0200, Solar Designer wrote:
> > I keep the wiki page up to date:
> > 
> > http://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back
> 
> SUSE has been active in the past in various activities listed in the
> document and will continue to do so. Officially we would like to commit to
> task 5 and 10.

Thank you.  This results in:

5. Determine if the reported issues are Linux-specific, and if so help
ensure that (further) private discussion goes on the linux-distros
sub-list only (thus, not spamming and unnecessarily disclosing to the
non-Linux distros)
- primary: SUSE, backup: vacant

10. Monitor relevant public channels (mailing lists, code repositories,
etc.) and inform the reporter and the list in case an issue is made
public prematurely (that is, leaks or is independently rediscovered)
- primary: Amazon, backup: SUSE

This leaves without an assigned distro only 1 of 13 administrative tasks
requiring (linux-)distros list membership to handle:

4. Evaluate relevance to other parties such as the upstream, other
affected distros (not present on the (sub-)list), and other Open Source
projects, see if the report mentions notifying any of these, communicate
your findings and possible concerns to the reporter and the list, and
stay on top of the resulting discussion until a decision is made on who
else to possibly notify (or not) and any such notifications are in fact
made (with the reporter's approval)

This is counterpart to task "5. Determine if the reported issues are
Linux-specific ..." above.  Handling of this task "4. Evaluate relevance
to other parties ..." includes bringing discussions from linux-distros
to the full distros list when relevant to the *BSD's (and/or to whatever
other non-Linux distros are on that list at the time, if any join by
then), and a lot more.

Also still fully vacant are 3 out of 6 technical tasks.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ