Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 30 Oct 2019 17:24:23 +0100
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Steven Rostedt <rostedt@...dmis.org>, sashal@...nel.org,
	amakhalov@...are.com, anishs@...are.com,
	Sharath George <sharathg@...are.com>, mijzerman@...are.com,
	Srivatsa Bhat <srivatsab@...are.com>,
	"Srivatsa S. Bhat" <srivatsa@...il.mit.edu>
Subject: Re: Membership application for linux-distros - VMware

Hello Srivatsa,

I've reviewed your request and the external resources you referenced,
and more, and I find the request very reasonable and satisfying our
stated requirements.  I also gave others on oss-security time to comment
if they wanted to, and we've only seen comments in favor.

Please send me your PGP key off-list and I'll add you to linux-distros.

Please see below on contributing back:

On Wed, Oct 23, 2019 at 12:08:48PM -0700, Srivatsa S. Bhat wrote:
> We would like to volunteer for the following tasks (but we would love
> your suggestions on taking up other tasks instead, depending on the
> current needs of the list).
> 
> Technical:
> 
> 4. Check if related issues exist in the same piece of software (e.g.,
> same bug class common across the software, or other kinds of bugs
> exist in its problematic component), and inform the list either way -
> primary: Ubuntu, backup: vacant
> 
> Administrative:
> 
> 5. Determine if the reported issues are Linux-specific, and if so help
> ensure that (further) private discussion goes on the linux-distros
> sub-list only (thus, not spamming and unnecessarily disclosing to the
> non-Linux distros) - primary: SUSE, backup: vacant

This is a good choice, thanks!

I'd like you to pick a primary role for some task.  As an option, we can
make you primary for "5. Determine if the reported issues are
Linux-specific ...", moving SUSE to backup.

Please let me know of your final choice, as well as where you'd like to
be primary and where to join as a backup.

We also need a distro to volunteer for the only currently completely
unassigned task requiring list membership, Technical 6:

6. Produce and share well-reasoned estimates for the time required to
handle the issues under embargo (such as to (re)negotiate the public
disclosure date and/or to choose between the different ways to handle an
issue)

I mention this not only in response to you, but also in case any other
distro would take this opportunity to volunteer for this task.  I guess
that same distro could also be involved in Technical 1 and/or 2 since
the time estimates and schedules could reasonably come out of such work:

1. Propose (other) ways to fix, work around, or mitigate the reported
issues - primary: Red Hat, backup: vacant

2. Develop and share fixes, workarounds, or mitigations - primary: Red Hat,
backup: vacant

Any takers?

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.