Re: Request for linux-distros () vs openwall org membership

[akuster <akuster () mvista com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt,

On 11/05/2012 10:09 AM, Kurt Seifried wrote:
> On 11/05/2012 10:53 AM, Henri Salo wrote:
> > On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru
> > wrote:
> > > I recently joined the Montavista Security team and request 
> > > membership to thelinux-distros () vs openwall org  list, so that
> > > I may participate fully in reporting and fixing vulnerabilities
> > > in Montavista. Here is my GPG fingerprint:
> > >
> > > pub   2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4
> > > 3116 8D5C D3C0  2A15 EADE D5B2 5DA0 60C7 uid Premchand
> > > Koneru<pkoneru () mvista com <mailto:pkoneru () mvista com>> sub
> > > 2048R/BE364B01 2012-11-05
> > >
> > > Thank you for consideration.
>
> > This is first time I heard about Montavista. Where is your
> > package- and bug-tracker? Does Montavista use CVE?
>
> > - Henri Salo
>
>
> Also how do we confirm you are on the security team there? I can't 
> even find proof you work for Montavista (other than the email
> address) and I can't find any mention of a person called "Premchand
> Koneru" doing security work in the past.
>
> I did manage to find a CVE page of sorts:
>
> http://www.mvista.com/cve_vulnerabilities.php
>
> For 2012 you appear to have fixed one Linux security flaw out of
> the 7 listed (the rest are OpenSSL/OpenSSH), so I'm not really sure
> why you would need access to distros@ if you aren't fixing Linux
> related security issues any ways?

I am not surprised that our list is behind. I did mention there would
be a 3 month delay in new postings back when I was trying to get
MontaVista back on the closed list which seemed acceptable at the
time. This delay seems excessive. I will ping my management again.

If you feel that MV should be dropped from the list-distros list, then
so be it.

I do realize this list is maintained by volunteers and today's rules
are based on previous emails (kinda hard me to follow).

I do hope the requirements listed at

http://oss-security.openwall.org/wiki/mailing-lists/distros

will be update with "How to maintain membership" and "How to ack/nack
additional team members memberships".

Kind regards,
Armin



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQmShbAAoJEH91cpWuue2Nvl0P/2PfDeNSrUV8CE7oZ0GNgUGs
wXEmJGEBtplvACUOiQ8P2tOoLHrke790hkF0LaLK7bHryKzTFtNHftVxc87Qu2cR
V8ej/y7jO8/IGOYdAMS6W1dPPCZtmuVEEE2v6FGNtOGavy9LDYZRYOVBUUNB8yxr
BtY40cTyAWHHaF/IZCoFw5tbaHLhl2bM9VrU0ws98t1mbG5kRV+HGJqnTvDJbTz9
wcLIIBltehQn0u5WduDdWIZBo3hYT9mvg3hidDZ+Azag921/Caa6cuC+m5es/W2v
wuU6GFt6KEPLs1LM+r/Uw0Ip/ilZnDWJIe8KPX/aTQDMQ5SzNkj+GkG/cEW7sMZe
W8tEesag+nBuMEshtYXjILLCtOnE0NbwgaY2eHLRjZBU66WWObbeQ/upNgnKvq/X
NVrv5MKyt66NpehjGBt13Ty4k/HEOkswUQl8gmCm+x9F+Rhqdky2Ore1HyjIb/cR
5zstHdR2ZKodS5YAoiV2HfIFdfd6brymqZcNHEYfhYPnFxvaq/XNL2CRfLpvhmHT
syKQhach2t5B2EFcED734ytGnnAMExF6S+6ItQ6zChEKnb/jFXQX6m1HEYpWmzn3
thDO7RD6TEzL1EVJ5U2eEF8IXMe1QKIZdB1X/mJ99OPe0N9FYj8fJhEAz2430ej1
XjebBQngww0tU0Cod8Aq
=9Lc5
-----END PGP SIGNATURE-----