Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 24 Aug 2021 15:46:28 -0700
From: Alan Coopersmith <>
Subject: Oracle Solaris membership in the distros list

I've read through
but am not sure how best to proceed.

While "Oracle" is currently a member of the linux-distros list, the contacts
present there currently only represent Oracle Linux.  As they joined at a time
when Oracle Solaris was not eligible (before the membership criteria was
changed from "open source distro" to "distro with substantial use of Open
Source components"), they have been keeping the information they receive from
the list strictly compartmentalized from us in the Solaris organization, as
per list rules.

We could perhaps just expand the existing "Oracle" membership to include
Solaris, but I'm not sure if it's appropriate for Solaris to be a part of
linux-distros, instead of the distros list.  While we don't ship the Linux
kernel, we do ship some appropriately licensed code from it, mostly
dual-licensed drivers, and certainly have overlapping concerns in areas
such as providing OS-level mitigations for CPU speculative execution issues,
but the same is true for the BSDs on the distros list as well.

The members I would propose adding from the Solaris team are:
	 Alan Coopersmith <Alan.Coopersmith@...cle.COM>
	 Casper Dik <Casper.Dik@...cle.COM>
	 Pavel Heimlich <Pavel.Heimlich@...cle.COM>
and existing members of the distros list from the Oracle Linux team have agreed
to vouch for us.  (Non-Oracle members of the distros list may also know me from
my years on the X.Org Foundation security response team and may know Casper
from his many years of broader community participation, and we've both been
participating in oss-security for quite a while.)

So should we just expand the existing Oracle membership to cover both teams
or do we need to apply separately as the Oracle Solaris team?

If we need to apply separately, how is the "giving back" criteria handled
for orgs who are only on distros and not linux-distros, and thus can't
perform most of the tasks given?  (I don't see the BSD's listed for any
of the tasks there.)

	-Alan Coopersmith-     
	 Oracle Solaris Engineering -

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.