Date: Wed, 9 Apr 2014 23:13:33 -0700 From: Matt Wilson <msw@...zon.com> To: Kurt Seifried <kseifried@...hat.com> CC: <oss-security@...ts.openwall.com>, Max Spevack <spevack@...zon.com>, Anthony Liguori <aliguori@...zon.com>, "Mark J. Cox" <mjc@...hat.com>, Cristian Gafton <gafton@...zon.com> Subject: Re: Request for linux-distros list membership On Wed, Apr 09, 2014 at 11:57:33PM -0600, Kurt Seifried wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 04/09/2014 09:13 PM, Anthony Liguori wrote: > > On 04/09/14 19:04, Kurt Seifried wrote: > >> On 04/09/2014 09:23 AM, Anthony Liguori wrote: > >>> Hi, > > > >>> I would like to request membership to the closed linux-distros > >>> mailing list on behalf of the Amazon Linux AMI distribution. > >>> We do not currently have anyone on this list from Amazon but > >>> we would like to change that. The Amazon Linux AMI > >>> distribution is RPM based, optimized for EC2, and tracks a > >>> number of packages (including the kernel) directly from > >>> upstream. > > > >>> Here is my GPG fingerprint: > > > >>> pub 2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 > >>> 390F A270 BC30 4A93 1AAD C710 5682 E5FF uid > >>> Anthony Liguori <anthony@...emonkey.ws> sub 2048R/44FFA77F > >>> 2013-07-30 > > > >>> I'm sending this from my personal account since this is the uid > >>> associated with my GPG key but I would prefer to be subscribed > >>> to my @amazon.com (CC'd here). > > > >>> If anyone has any questions, please don't hestitate to ask. > >>> Thanks for your consideration! > > > >>> Regards, > > > >>> Anthony Liguori > > > >> I find it a bit odd you can't send this from your work email > >> address. Would it be possible to add that email address to your > >> key and then use your work email address? > > > > We use DKIM which doesn't work very well with all mailing lists. > > You should receive this okay since you are on CC but I'm not sure > > everyone will get this through the mailing list. If it doesn't > > make it, I'll send this same (signed) message via the > > @codemonkey.ws address. > > > > I also added this address as a uid to my key. Here it is again: > > > > pub 2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 390F > > A270 BC30 4A93 1AAD C710 5682 E5FF uid Anthony > > Liguori <aliguori@...zon.com> uid Anthony Liguori > > <anthony@...emonkey.ws> sub 2048R/44FFA77F 2013-07-30 > > > >> I guess I'm wondering is this an official request on behalf of > >> Amazon or some random Amazon (employee? contractor?) asking for > >> access to distros@. > > > > Yes, this is an official request on behalf of Amazon. I am > > requesting access on behalf of the Amazon Linux AMI team. > > > >  http://aws.amazon.com/amazon-linux-ami/ > > > > Regards, > > > > Anthony Liguori > > So first off I'm inclined to have Amazon on the distros list (same > reasons as Oracle basically). > > My only concern is are you the correct person, I have no clue who is > on the Amazon security team for their Linux distribution, I've never > seen you post anything anywhere. Perhaps Google "Anthony Liguori site:qemu.org" > Your search - site:aws.amazon.com Anthony Liguori - did not match any > documents. > > Your search - site:aws.amazon.com aliguori@...zon.com - did not match > any documents. > > Can we somehow get confirmation from Amazon that this is the right > person to have on distros? Thanks. Apologies for not having PGP set up for my work email. I can confirm that Anthony is one of several correct people for dealing with security issues relating to Amazon Linux AMI. Cristian Gafton and I also deal with security issues, as we did in the Olden vendor-sec Days at Red Hat and rPath. I've added Mark Cox to CC: in case he'd like to weigh in on our backgrounds. Max Spevack, previous Fedora Project leader and the manager in charge of Amazon Linux AMI, is also on Cc:. Today we're just looking to get Anthony added to linux-distros as the primary contact. --msw
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.