Re: Request for linux-distros list membership

[Matt Wilson <msw () amazon com>]

On Wed, Apr 09, 2014 at 11:57:33PM -0600, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 04/09/2014 09:13 PM, Anthony Liguori wrote:
> > On 04/09/14 19:04, Kurt Seifried wrote:
> > > On 04/09/2014 09:23 AM, Anthony Liguori wrote:
> > > > Hi,
> >
> > > > I would like to request membership to the closed linux-distros 
> > > > mailing list on behalf of the Amazon Linux AMI distribution.
> > > > We do not currently have anyone on this list from Amazon but
> > > > we would like to change that.  The Amazon Linux AMI
> > > > distribution is RPM based, optimized for EC2, and tracks a
> > > > number of packages (including the kernel) directly from
> > > > upstream.
> >
> > > > Here is my GPG fingerprint:
> >
> > > > pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4
> > > > 390F A270 BC30  4A93 1AAD C710 5682 E5FF uid
> > > > Anthony Liguori <anthony () codemonkey ws> sub   2048R/44FFA77F
> > > > 2013-07-30
> >
> > > > I'm sending this from my personal account since this is the uid
> > > >  associated with my GPG key but I would prefer to be subscribed
> > > > to my @amazon.com (CC'd here).
> >
> > > > If anyone has any questions, please don't hestitate to ask. 
> > > > Thanks for your consideration!
> >
> > > > Regards,
> >
> > > > Anthony Liguori
> >
> > > I find it a bit odd you can't send this from your work email 
> > > address. Would it be possible to add that email address to your
> > > key and then use your work email address?
> >
> > We use DKIM which doesn't work very well with all mailing lists.
> > You should receive this okay since you are on CC but I'm not sure
> > everyone will get this through the mailing list.  If it doesn't
> > make it, I'll send this same (signed) message via the
> > @codemonkey.ws address.
> >
> > I also added this address as a uid to my key.  Here it is again:
> >
> > pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 390F
> > A270 BC30  4A93 1AAD C710 5682 E5FF uid                  Anthony
> > Liguori <aliguori () amazon com> uid                  Anthony Liguori
> > <anthony () codemonkey ws> sub   2048R/44FFA77F 2013-07-30
> >
> > > I guess I'm wondering is this an official request on behalf of 
> > > Amazon or some random Amazon (employee? contractor?) asking for 
> > > access to distros@.
> >
> > Yes, this is an official request on behalf of Amazon.  I am
> > requesting access on behalf of the Amazon Linux AMI team[1].
> >
> > [1] http://aws.amazon.com/amazon-linux-ami/
> >
> > Regards,
> >
> > Anthony Liguori
>
> So first off I'm inclined to have Amazon on the distros list (same
> reasons as Oracle basically).
>
> My only concern is are you the correct person, I have no clue who is
> on the Amazon security team for their Linux distribution, I've never
> seen you post anything anywhere.

Perhaps Google "Anthony Liguori site:qemu.org"

> Your search - site:aws.amazon.com Anthony Liguori - did not match any
> documents.
>
> Your search - site:aws.amazon.com aliguori () amazon com - did not match
> any documents.
>
> Can we somehow get confirmation from Amazon that this is the right
> person to have on distros? Thanks.

Apologies for not having PGP set up for my work email.

I can confirm that Anthony is one of several correct people for
dealing with security issues relating to Amazon Linux AMI. Cristian
Gafton and I also deal with security issues, as we did in the Olden
vendor-sec Days at Red Hat and rPath. I've added Mark Cox to CC: in
case he'd like to weigh in on our backgrounds.

Max Spevack, previous Fedora Project leader and the manager in charge
of Amazon Linux AMI, is also on Cc:.

Today we're just looking to get Anthony added to linux-distros as the
primary contact.

--msw