oss-sec mailing list archives

Re: Request for linux-distros () vs openwall org membership

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 05 Nov 2012 11:09:44 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/05/2012 10:53 AM, Henri Salo wrote:

On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru wrote:

I recently joined the Montavista Security team and request
membership to thelinux-distros () vs openwall org  list, so that I
may participate fully in reporting and fixing vulnerabilities in
Montavista. Here is my GPG fingerprint:

pub   2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4 3116
8D5C D3C0  2A15 EADE D5B2 5DA0 60C7 uid
Premchand Koneru<pkoneru () mvista com
<mailto:pkoneru () mvista com>> sub   2048R/BE364B01 2012-11-05

Thank you for consideration.


This is first time I heard about Montavista. Where is your package-
and bug-tracker? Does Montavista use CVE?

- Henri Salo


Also how do we confirm you are on the security team there? I can't
even find proof you work for Montavista (other than the email address)
and I can't find any mention of a person called "Premchand Koneru"
doing security work in the past.

I did manage to find a CVE page of sorts:

http://www.mvista.com/cve_vulnerabilities.php

For 2012 you appear to have fixed one Linux security flaw out of the 7
listed (the rest are OpenSSL/OpenSSH), so I'm not really sure why you
would need access to distros@ if you aren't fixing Linux related
security issues any ways?

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQmADoAAoJEBYNRVNeJnmTV/MP/RpOjpvT1HWlxY0x8NEFWOgG
AKK4OhUyH+wi/ECyhzoo9TaUvClXILrBwIcWvq2rRkVOEddzDfvmQyACSxuqTOwh
D4ectq352nfwccTmBTOPL1WdbknFrhPD6NrVoXF1hvef65CKV6A2HlX8j/shWCs2
3YhjwzHZgBP/ueeuXwa+Ki9NmuQQvy4XsVMmr6zxCdaZA6GhmvJGP19tsmUcl9dZ
Km9nrQ1D8ia0/gG07l740BEDX7Hw08AKshWt8+fvbeCXKvepLryIL8rpV4bqgqAq
z2WuJ3GiQSSMbXII/xrtrqknzOQsB1eRW8hjsthG45UewJ2kZ4aF4vFrDzPMCvDX
lk+YPcB98SZfWHkRmuH4tn0bMTFVGn3xFWZ4hwr3qy9L+v3oHpV/l38z3HgmN7v8
NgfEn0X5Fj6GsYE429hGRXARs/CsNeMN5mYPO3sYbH7Sl6Y/iv9kAfpxcZhf5Xyw
hZVwoditoy/nkisoShl9WniHLm4z21Zkl9k8nHwDQ8dZbjZvllNb0kR1a7cBKJWF
hL2mEfwhbulJ+XOTr8hi9itgXOYTLddUtCL4fX/Yv7keTn7O1W63sejIf9uqnNjV
y0My68LsnXzsn1+wpgefDXIyhfl/3pLtGVpyLWUJJkK4WK3OyIoQeSD3OyM1hWhv
9fiD6tELhvhINEY2O2sy
=iMG8
-----END PGP SIGNATURE-----

Current thread:

Request for linux-distros () vs openwall org membership Premchand Koneru (Nov 05)
- Re: Request for linux-distros () vs openwall org membership Henri Salo (Nov 05)
  - Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 05)
    - Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
    - Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
    - Re: Request for linux-distros () vs openwall org membership John Haxby (Nov 06)
    - Re: Request for linux-distros () vs openwall org membership Tomas Hoger (Nov 06)
    - Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
    - Re: Request for linux-distros () vs openwall org membership Kurt Seifried (Nov 06)
  - Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 06)
- Re: Request for linux-distros () vs openwall org membership akuster (Nov 09)
- Re: Request for linux-distros () vs openwall org membership Solar Designer (Nov 10)

(Thread continues...)