oss-sec mailing list archives

Re: CoreOS leaving distros/linux-distros on May 26, handing off responsibilities


From: Solar Designer <solar () openwall com>
Date: Tue, 5 May 2020 21:24:58 +0200

Hi,

Thank you Benjamin, Igor, John for agreeing on this between yourselves
and for all of your contributions to running these lists smoothly.

On Tue, Mar 03, 2020 at 12:07:29AM -0500, Benjamin Gilbert wrote:
> Red Hat recently announced [1] that CoreOS Container Linux will reach
> end-of-life on May 26.  The Container Linux team will be leaving the
> distros lists on that date,

I assume you'll remind me about that on that date.

> and will need to hand off our maintenance
> responsibilities to other distros.  We're currently handling [2]:
>
> Administrative-1: Promptly review new issue reports for meeting the
> list's requirements and confirm receipt of the report and, when
> necessary, inform the reporter of any issues with their report (e.g.,
> obviously not actionable by the distros) and request and/or propose
> any required yet missing information (most notably, a tentative public
> disclosure date/time) - primary: CoreOS, backup: Oracle
>
> Administrative-2: If the proposed public disclosure date is not within
> list policy, insist on getting this corrected and propose a suitable
> earlier date - primary: CoreOS, backup: CloudLinux
>
> Administrative-6: If multiple issues are reported at once, see if any
> of them can reasonably be made public sooner than the rest, and if so
> help untangle them and stay on top of their disclosure process -
> primary: CoreOS, backup: CloudLinux
>
> Oracle isn't signed up for any other tasks, so it seems natural for
> them to move up to primary on #1.  In addition to being backup on #2
> and #6, CloudLinux is primary on Administrative-3 (evaluate if the
> issue is already public).  In my experience it makes sense to handle
> #1 and #2 together, so: Oracle, would you be willing to take primary
> on #1 and #2, and CloudLinux, what would you think of moving up to
> primary on #6?

I've just edited the wiki accordingly.

> It'd also be good to get volunteers for the backup slots.  Any takers?

I second this request.

> We plan to continue executing our current responsibilities until May
> 26, but if other distros want to take over our roles sooner for ease
> of bookkeeping, we're open to that.

I suggest that Oracle and CloudLinux already start to act as primary for
their respective tasks, and CoreOS as backup until you leave on May 26.

> Best,
> --Benjamin Gilbert
>
> [1]: https://coreos.com/os/eol/
> [2]: https://oss-security.openwall.org/wiki/mailing-lists/distros#contributing-back

Thanks again,

Alexander

