Date: Wed, 30 Oct 2019 17:24:23 +0100 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: Steven Rostedt <rostedt@...dmis.org>, sashal@...nel.org, amakhalov@...are.com, anishs@...are.com, Sharath George <sharathg@...are.com>, mijzerman@...are.com, Srivatsa Bhat <srivatsab@...are.com>, "Srivatsa S. Bhat" <srivatsa@...il.mit.edu> Subject: Re: Membership application for linux-distros - VMware Hello Srivatsa, I've reviewed your request and the external resources you referenced, and more, and I find the request very reasonable and satisfying our stated requirements. I also gave others on oss-security time to comment if they wanted to, and we've only seen comments in favor. Please send me your PGP key off-list and I'll add you to linux-distros. Please see below on contributing back: On Wed, Oct 23, 2019 at 12:08:48PM -0700, Srivatsa S. Bhat wrote: > We would like to volunteer for the following tasks (but we would love > your suggestions on taking up other tasks instead, depending on the > current needs of the list). > > Technical: > > 4. Check if related issues exist in the same piece of software (e.g., > same bug class common across the software, or other kinds of bugs > exist in its problematic component), and inform the list either way - > primary: Ubuntu, backup: vacant > > Administrative: > > 5. Determine if the reported issues are Linux-specific, and if so help > ensure that (further) private discussion goes on the linux-distros > sub-list only (thus, not spamming and unnecessarily disclosing to the > non-Linux distros) - primary: SUSE, backup: vacant This is a good choice, thanks! I'd like you to pick a primary role for some task. As an option, we can make you primary for "5. Determine if the reported issues are Linux-specific ...", moving SUSE to backup. Please let me know of your final choice, as well as where you'd like to be primary and where to join as a backup. We also need a distro to volunteer for the only currently completely unassigned task requiring list membership, Technical 6: 6. Produce and share well-reasoned estimates for the time required to handle the issues under embargo (such as to (re)negotiate the public disclosure date and/or to choose between the different ways to handle an issue) I mention this not only in response to you, but also in case any other distro would take this opportunity to volunteer for this task. I guess that same distro could also be involved in Technical 1 and/or 2 since the time estimates and schedules could reasonably come out of such work: 1. Propose (other) ways to fix, work around, or mitigate the reported issues - primary: Red Hat, backup: vacant 2. Develop and share fixes, workarounds, or mitigations - primary: Red Hat, backup: vacant Any takers? Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.