Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Sep 2012 06:28:30 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: (linux-)distros membership changes

Hi,

For the sake of (partial) transparency:

There have been some recent changes in who is subscribed to the
linux-distros@vs list for SUSE and Red Hat (unsubscribes only) and for
Debian and Oracle (a few people leaving and joining).  For all new
members, their subscription was requested by the vendor's security team.

Here's how many people are currently subscribed for each distro, on
linux-distros:

ALT Linux: 1
Android: 1
CentOS: 1
Chrome OS: 1
Debian: 4
Frugalware: 1
Gentoo: 2
Mandriva: 1
MontaVista Software: 1
Openwall: 1
Oracle: 2
Pardus: 2
Red Hat: 7
rPath: 1
Slackware: 1
SUSE: 4
Ubuntu: 6
Wind River: 1

On distros (in addition to all of the above):

FreeBSD: 2
NetBSD/pkgsrc: 3

Initially, we had a policy to announce each person's (un)subscription in
here, but this was noisy and it was maybe-reasonably criticized for
potentially being too transparent - making some people and their specific
e-mail addresses more of a target, although those joining early on were
obvious targets as their distros' security contact persons anyway.
(Of course, all mail from the list to its members is PGP-encrypted,
which partially mitigates the problem in some cases.)

Please let me know if we - the oss-security community - feel that we
should return to that more/too transparent practice.  For now, I feel
that only new vendors joining need to be announced/discussed in here,
whereas routine changes of who from a distro's security team is
subscribed may be handled off-list, and summaries like the above posted
in here once in a while.

For those who don't know what this is about, see:

http://oss-security.openwall.org/wiki/mailing-lists/distros

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.