Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 24 Aug 2021 15:46:28 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Oracle Solaris membership in the distros list

I've read through https://oss-security.openwall.org/wiki/mailing-lists/distros
but am not sure how best to proceed.

While "Oracle" is currently a member of the linux-distros list, the contacts
present there currently only represent Oracle Linux.  As they joined at a time
when Oracle Solaris was not eligible (before the membership criteria was
changed from "open source distro" to "distro with substantial use of Open
Source components"), they have been keeping the information they receive from
the list strictly compartmentalized from us in the Solaris organization, as
per list rules.

We could perhaps just expand the existing "Oracle" membership to include
Solaris, but I'm not sure if it's appropriate for Solaris to be a part of
linux-distros, instead of the distros list.  While we don't ship the Linux
kernel, we do ship some appropriately licensed code from it, mostly
dual-licensed drivers, and certainly have overlapping concerns in areas
such as providing OS-level mitigations for CPU speculative execution issues,
but the same is true for the BSDs on the distros list as well.

The members I would propose adding from the Solaris team are:
	 Alan Coopersmith <Alan.Coopersmith@...cle.COM>
	 Casper Dik <Casper.Dik@...cle.COM>
	 Pavel Heimlich <Pavel.Heimlich@...cle.COM>
and existing members of the distros list from the Oracle Linux team have agreed
to vouch for us.  (Non-Oracle members of the distros list may also know me from
my years on the X.Org Foundation security response team and may know Casper
from his many years of broader community participation, and we've both been
participating in oss-security for quite a while.)

So should we just expand the existing Oracle membership to cover both teams
or do we need to apply separately as the Oracle Solaris team?

If we need to apply separately, how is the "giving back" criteria handled
for orgs who are only on distros and not linux-distros, and thus can't
perform most of the tasks given?  (I don't see the BSD's listed for any
of the tasks there.)

-- 
	-Alan Coopersmith-               alan.coopersmith@...cle.com
	 Oracle Solaris Engineering - https://blogs.oracle.com/alanc

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.