oss-sec mailing list archives
Re: Request for linux-distros subscription
From: Greg KH <greg () kroah com>
Date: Tue, 3 Jun 2014 23:25:01 -0700
On Wed, Jun 04, 2014 at 09:58:43AM +0400, Solar Designer wrote:
On Tue, Jun 03, 2014 at 01:16:47PM -0700, Ramon de C Valle wrote:I can attest that Monty is my colleague and the Manager of VMware Security Response Center. As a former colleague of you (Kurt) and also former linux-distros subscriber, I would like to ask for your consideration for subscribing Monty (or myself) to linux-distros on behalf of VMware. Although ESXi isn't a Linux distribution, it implements Linux-compatible system calls and provides a GNU/Linux -like ecosystem that allows many applications that are compiled on/for Linux operating systems to run seamlessly. This ecosystem includes OSS that should be supported in timely fashion pretty much like like any other Linux distribution on the list. It also implements a Linux kernel module interface and uses many Linux device drivers and kernel modules that also should be supported. In addition, ESXi is the base layer that many of the Linux distributions on the list rely upon and run atop of in many datacenters around the world.Thank you, Ramon. This is pretty good rationale, but I feel that getting VMware onto linux-distros for the reasons given above would be a (possibly desirable) change in who the list is for. So far, it's been for Linux distros, and I deliberately chose the linux-distros name for it. Now a non-Linux-distro wants to be specifically on linux-distros (not just on distros), and be exposed to Linux-specific vulnerability details (albeit for good reasons). I'd appreciate comments by others active in this community. Does VMware have OSS products? Would it be reasonable to include VMware security advisory/contact details on our wiki? http://oss-security.openwall.org/wiki/vendors
It is alleged that VMware violates the license of some OSS products, like the Linux kernel for example[1], so I don't know if that counts as a good enough reason to accept them for the list or not. I don't know of any specific OSS software of their own, except for some Linux kernel module code in the kernel source tree[2], which really doesn't justify the need to be part of linux-distros in my opinion. thanks, greg k-h [1] My opinion only, not my employers. I am not a lawyer, please consult with your own before making a decision about this if you should be using vmware products yourself. Details about why I think this are available on demand on an individual basis. [2] Nothing to do with [1], a totally different thing.
Current thread:
- Request for linux-distros subscription "VMware Security Response Center" (Jun 02)
- Re: Request for linux-distros subscription Kurt Seifried (Jun 03)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 03)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 03)
- Re: Request for linux-distros subscription Solar Designer (Jun 03)
- Re: Request for linux-distros subscription Greg KH (Jun 03)
- Re: Request for linux-distros subscription Alan Coopersmith (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Re: Request for linux-distros subscription Raphael Geissert (Jun 04)
- Re: Request for linux-distros subscription Kurt Seifried (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Greg KH (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Russ Allbery (Jun 04)
- Re: Request for linux-distros subscription Ramon de C Valle (Jun 04)
- Re: Request for linux-distros subscription Kurt Seifried (Jun 03)
- Re: Request for linux-distros subscription Greg KH (Jun 04)