Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 20 Jul 2020 20:35:32 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: volkerdi@...ckware.com
Subject: Re: Flatcar membership on the linux-distros list

Hi Vincent,

I intentionally didn't hurry to comment on this, hoping that others
would comment first.  I would still appreciate more comments by others.

On Tue, Jul 14, 2020 at 02:20:07PM -0400, Vincent Batts wrote:
> Using the
> https://oss-security.openwall.org/wiki/mailing-lists/distros#membership-criteria
> I???m outlining why Flatcar Container Linux ought to be on the linux-distros
> list.

Thanks.  Much of this looks convincing to me, but here are some comments:

> We have already been a participant on oss-security for some time and are
> active in a number of communities. Glad to participate.

Vincent, as far as I could find, you personally have subscribed to
oss-security 2 months ago, and I couldn't find anyone else from Flatcar
Linux subscribed.  (Maybe people are with personal addresses that I
didn't associate with Flatcar Linux.)

I also found only this one posting to Openwall lists by you:

https://www.openwall.com/lists/kernel-hardening/2017/02/03/38

This is good, but it's not a lot.

What I see on the Flatcar Linux website is more convincing, but maybe
you can point us at specific examples of community participation by you
personally and/or by others at Flatcar Linux?

> > Be able and willing to contribute back (see above), preferably in
> specific ways announced in advance (so that you're responsible for a
> specific area and so that we know what to expect from which member), and
> demonstrate actual contributions once you've been a member for a while
> 
> There are a number of the items we will do through the course of normal
> process (review, test, validate, monitor for issues going public). As for
> owning or being a backup, I expect that would be a consideration after
> being a member for a period.

As I recall other applications to join the linux-distros list since we
introduced this contribute-back requirement, distros volunteered for
some tasks right away, not "after being a member for a period."  What
you say makes sense, but would be a deviation from the practice so far.
I'd appreciate not needing to make an exception for you.

> Pat Volkerding can vouch for me (CC???ed), and maybe others, but I asked
> volkerdi first :-)

We haven't yet heard from Pat Volkerding.  Given your LinkedIn profile,
I guess someone from Red Hat could vouch for you as well.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.