Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 17 Sep 2011 09:53:53 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: closed-list membership transition

On Fri, Sep 16, 2011 at 10:53:40AM -0700, Kees Cook wrote:
> My last day with Canonical is today. Starting on Sep 19th, I will be
> working for Google on ChromeOS. I'd like to transition my closed-list
> membership based on the fact that ChromeOS is also a distro, and I'll
> still have security responsibilities with it. How should this be handled?

The initial seed membership for the closed list was limited to distros
who were on the old vendor-sec (and additionally limited to Linux only).

I think it's in fact time for us to start accepting other qualifying
Linux distros.

One of the criteria should be that the distro is generally available
(not limited to just one organization).  Another is that it should be
issuing timely security updates.  And, without the "was on vendor-sec"
requirement, we'll need someone to vouch for each new distro member and
first person to subscribe from that new distro.  (Then that person can
nominate additional contact persons for the distro.)

I think that Chrome OS qualifies.  As far as I can see, it's generally
available now: http://getchrome.eu/download.php

Also, I am happy to vouch for Kees.  (I would vouch for other Chrome OS
security people I know as well, but this specific request is from Kees.)

So I'd like Chrome OS and Kees in particular to be on the closed Linux
distros list, to receive advance notification of up to 14 days on medium
severity issues (this is what the list is for).

I'd appreciate any comments on any of the above (support, objections,
anything else).

Thanks,

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.