Date: Thu, 23 Jan 2014 22:42:03 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: rf@...eap.de
Subject: Re: linux-distros membership

On Wed, Jan 22, 2014 at 04:29:13AM +0400, Solar Designer wrote:
> As to "the details of the process", we don't currently have it fully
> formalized.  We did have a simple process for accepting a subset of
> old vendor-sec members into the distros and linux-distros lists, but
> after that point I'm afraid we never arrived at a decision on whether we
> should introduce a voting/vouching process like vendor-sec had.
> Instead, we had a few discussions in here, like the one we're having now
> due to your request.  There were several membership requests that I
> think fell in the grey area, and I think yours does too: it's not
> unreasonable, but it fails to convince me that Qlustar being on
> linux-distros would likely significantly benefit the users of your
> distro.  Is anyone else in here convinced?  (Genuine question.)

I'm not convinced. There's a three-digit number of Debian-derived distros
and many of them come and go. The oldest Qlustar advisory is less than 
a year old and there's no visible participation in any security processes.

We maintain the http://anonscm.debian.org/viewvc/kernel-sec/ repository
which tracks all kernel vulnerabilities as soon as they're public. That's
a good base for every Debian-derived distro with a modified kernel.

Cheers,
        Moritz

