Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 05 Nov 2012 11:09:44 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Request for linux-distros@...openwall.org membership

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/05/2012 10:53 AM, Henri Salo wrote:
> On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru wrote:
>> I recently joined the Montavista Security team and request
>> membership to thelinux-distros@...openwall.org  list, so that I
>> may participate fully in reporting and fixing vulnerabilities in
>> Montavista. Here is my GPG fingerprint:
>> 
>> pub   2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4 3116
>> 8D5C D3C0  2A15 EADE D5B2 5DA0 60C7 uid
>> Premchand Koneru<pkoneru@...sta.com
>> <mailto:pkoneru@...sta.com>> sub   2048R/BE364B01 2012-11-05
>> 
>> Thank you for consideration.
> 
> This is first time I heard about Montavista. Where is your package-
> and bug-tracker? Does Montavista use CVE?
> 
> - Henri Salo
> 

Also how do we confirm you are on the security team there? I can't
even find proof you work for Montavista (other than the email address)
and I can't find any mention of a person called "Premchand Koneru"
doing security work in the past.

I did manage to find a CVE page of sorts:

http://www.mvista.com/cve_vulnerabilities.php

For 2012 you appear to have fixed one Linux security flaw out of the 7
listed (the rest are OpenSSL/OpenSSH), so I'm not really sure why you
would need access to distros@ if you aren't fixing Linux related
security issues any ways?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQmADoAAoJEBYNRVNeJnmTV/MP/RpOjpvT1HWlxY0x8NEFWOgG
AKK4OhUyH+wi/ECyhzoo9TaUvClXILrBwIcWvq2rRkVOEddzDfvmQyACSxuqTOwh
D4ectq352nfwccTmBTOPL1WdbknFrhPD6NrVoXF1hvef65CKV6A2HlX8j/shWCs2
3YhjwzHZgBP/ueeuXwa+Ki9NmuQQvy4XsVMmr6zxCdaZA6GhmvJGP19tsmUcl9dZ
Km9nrQ1D8ia0/gG07l740BEDX7Hw08AKshWt8+fvbeCXKvepLryIL8rpV4bqgqAq
z2WuJ3GiQSSMbXII/xrtrqknzOQsB1eRW8hjsthG45UewJ2kZ4aF4vFrDzPMCvDX
lk+YPcB98SZfWHkRmuH4tn0bMTFVGn3xFWZ4hwr3qy9L+v3oHpV/l38z3HgmN7v8
NgfEn0X5Fj6GsYE429hGRXARs/CsNeMN5mYPO3sYbH7Sl6Y/iv9kAfpxcZhf5Xyw
hZVwoditoy/nkisoShl9WniHLm4z21Zkl9k8nHwDQ8dZbjZvllNb0kR1a7cBKJWF
hL2mEfwhbulJ+XOTr8hi9itgXOYTLddUtCL4fX/Yv7keTn7O1W63sejIf9uqnNjV
y0My68LsnXzsn1+wpgefDXIyhfl/3pLtGVpyLWUJJkK4WK3OyIoQeSD3OyM1hWhv
9fiD6tELhvhINEY2O2sy
=iMG8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.