Date: Sat, 17 Sep 2011 09:53:53 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: closed-list membership transition On Fri, Sep 16, 2011 at 10:53:40AM -0700, Kees Cook wrote: > My last day with Canonical is today. Starting on Sep 19th, I will be > working for Google on ChromeOS. I'd like to transition my closed-list > membership based on the fact that ChromeOS is also a distro, and I'll > still have security responsibilities with it. How should this be handled? The initial seed membership for the closed list was limited to distros who were on the old vendor-sec (and additionally limited to Linux only). I think it's in fact time for us to start accepting other qualifying Linux distros. One of the criteria should be that the distro is generally available (not limited to just one organization). Another is that it should be issuing timely security updates. And, without the "was on vendor-sec" requirement, we'll need someone to vouch for each new distro member and first person to subscribe from that new distro. (Then that person can nominate additional contact persons for the distro.) I think that Chrome OS qualifies. As far as I can see, it's generally available now: http://getchrome.eu/download.php Also, I am happy to vouch for Kees. (I would vouch for other Chrome OS security people I know as well, but this specific request is from Kees.) So I'd like Chrome OS and Kees in particular to be on the closed Linux distros list, to receive advance notification of up to 14 days on medium severity issues (this is what the list is for). I'd appreciate any comments on any of the above (support, objections, anything else). Thanks, Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.