Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 25 Sep 2023 21:51:10 +0200
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: illumos (or at least danmcd) membership in the distros list

On Mon, Sep 25, 2023 at 07:34:06PM +0000, Dan McDonald wrote:
> On Sep 25, 2023, at 3:23 PM, Solar Designer <solar@...nwall.com> wrote:
> > 
> > Dan, although not strictly required, are there any contributing-back
> > task(s) you'd help with? -
> > 
> > https://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back
> 
> Implicitly I'm on the hook for technical task #5:
> 
> 	Check if related issues exist in implementations of
> 	similar functionality in other software (e.g., forked code
> 	including the same bug, or the same error made independently),
> 	and inform the list either way - primary: Ubuntu, backup:
> 	Flatcar Container Linux
> 
> (and so is FreeBSD and Alan-for-Oracle-Solaris in their domains).
> 
> But yes, most technical issues will be Linux-only ones judging from the audience here.

No, aside from Linux kernel issues most are not Linux-only (and for
Linux kernel ones upstream's current preference is to only bring them to
linux-distros once a fix is ready, if at all).

I don't recall Flatcar Container Linux helping with this task lately
(please correct me if I'm wrong), so we may reassign the backup role to
OmniOS, knowing that you'd only handle this for issues that get to the
distros list (and not those staying on the linux-distros sub-list).

Should we?

Separately, I'd like to hear from Flatcar Container Linux here. ;-)

> As for the others... off the top of my head, I'm curious to know:
> 
> ??? Set up and maintain more reliable oss-security Twitter/Mastodon feed(s) (the existing Twitter feed occasionally misses messages)
> 
> what the source for such a feed would contain (e.g. content? Frequency? expectation of interaction?)? I'm only visiting Twitter
> occasionally now, and I'm on good terms with my Mastodon server admin such that I *might* be able to establish a mastodon/fedi feed there.

There are lots of options here.  As I understand, the current Twitter
feed at https://twitter.com/oss_security works off the
https://seclists.org/oss-sec/ RSS feed.  This is a third-party archive
of the list, and somehow the Twitter feed often misses messages (even
those I do see in that web archive).  So the main requirement for an
alternative feed is for it to be far more reliable.  We do not currently
have RSS for the official web archive, but we/you could add that to the
blists software if needed.

> Hope this helps?

It does.  Thanks!

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.