Message-ID: <CY4PR11MB1592EFB766E40EEBE5D9F749DADD0@CY4PR11MB1592.namprd11.prod.outlook.com>
Date: Wed, 28 Jun 2017 02:27:58 +0000
From: Sven Dowideit <sven@...cher.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: Re: CoreOS membership to linux-distros

I'm also curious to know where the lines are.


I'm responsible for RancherOS, and think that both I and my users would prefer that I had access to the embargoed information earlier, so preparing a response would have been less of a rush.


One of the things that would have made my last week less worrying is to have some access to exploit code - so as to verify the changes actually had a useful effect.


RancherOS is a container-oriented micro-linux distro with uptake in hybrid and on-premises clouds.

We have the beginnings of an advisory page at http://rancher.com/docs/os/security/

And are happy to comply with embargoes.

Also - keep up the awesome work - it's impressive!


________________________________
From: Euan Kemp <euan.kemp@...eos.com>
Sent: 27 June 2017 15:52:49
To: oss-security@...ts.openwall.com
Subject: Re: [oss-security] CoreOS membership to linux-distros

On 06/27/2017 03:13 PM, Kurt Seifried wrote:
> My main question would be what expertise do you have in helping with
> security issues, e.g. kernel/glibc/other engineering talent? Or do you
> simply need this as a consumer of such data (e.g. so you can get containers
> ready to respin for embargoed issues, and to be clear, I'm not opposed to
> this type of consumption if it's in the public interest, you won't break
> embargoes, etc.).

To clarify your example, we're primarily concerned with preparing
updates for our distribution's kernel and userland, not for containers.

We'd be happy to help when we're able to, but our intent is mainly
consumption for the security of our users.
We'll, of course, respect embargoes.

- Euan

