Re: Request for linux-distros subscription

[Solar Designer <solar () openwall com>]

On Tue, Jun 03, 2014 at 01:16:47PM -0700, Ramon de C Valle wrote:
> I can attest that Monty is my colleague and the Manager of VMware Security Response Center. As a former colleague of 
> you (Kurt) and also former linux-distros subscriber, I would like to ask for your consideration for subscribing Monty 
> (or myself) to linux-distros on behalf of VMware. Although ESXi isn't a Linux distribution, it implements 
> Linux-compatible system calls and provides a GNU/Linux -like ecosystem that allows many applications that are 
> compiled on/for Linux operating systems to run seamlessly. This ecosystem includes OSS that should be supported in 
> timely fashion pretty much like like any other Linux distribution on the list. It also implements a Linux kernel 
> module interface and uses many Linux device drivers and kernel modules that also should be supported. In addition, 
> ESXi is the base layer that many of the Linux distributions on the list rely upon and run atop of in many datacenters 
> around the world.

Thank you, Ramon.  This is pretty good rationale, but I feel that
getting VMware onto linux-distros for the reasons given above would be a
(possibly desirable) change in who the list is for.  So far, it's been
for Linux distros, and I deliberately chose the linux-distros name for
it.  Now a non-Linux-distro wants to be specifically on linux-distros
(not just on distros), and be exposed to Linux-specific vulnerability
details (albeit for good reasons).  I'd appreciate comments by others
active in this community.

Does VMware have OSS products?  Would it be reasonable to include VMware
security advisory/contact details on our wiki?

http://oss-security.openwall.org/wiki/vendors

If there are specific OSS products with their own advisory/contact
details (different from VMware's catch-all), they may be added to:

http://oss-security.openwall.org/wiki/software

This sort of info could help us evaluate your request.

Alexander