oss-sec mailing list archives
Re: CoreOS membership to linux-distros
From: Sven Dowideit <sven () rancher com>
Date: Wed, 28 Jun 2017 02:27:58 +0000
I'm also curious to know where the lines are. I'm responsible for RancherOS, and think that both I, and my users would prefer that I had access to the embargoed information earlier, so preparing a response would have been less of a rush. One of the things that would have made my last week less worrying, is to have some access to exploit code - so as to verify the changes actually had a useful effect. RancherOS is a container oriented micro-linux distro with uptake in hybrid and on-premis clouds We have the beginnings of an advisory page at http://rancher.com/docs/os/security/ And are happy to comply with embargos. Also - keep up the awesome work - its impressive! ________________________________ From: Euan Kemp <euan.kemp () coreos com> Sent: 27 June 2017 15:52:49 To: oss-security () lists openwall com Subject: Re: [oss-security] CoreOS membership to linux-distros On 06/27/2017 03:13 PM, Kurt Seifried wrote:
My main question would be what expertise do you have in helping with security issues, e.g. kernel/glibc/other engineering talent? Or do you simply need this as a consumer of such data (e.g. so you can get containers ready to respin for embargoed issues, and to be clear, I'm not opposed to this type of consumption if it's in the public interest, you won't break embargoes, etc.).
To clarify your example, we're primarily concerned with preparing updates for our distribution's kernel and userland, not for containers. We'd be happy to help when we're able to, but our intent is mainly consumption for the security of our users. We'll, of course, respect embargoes. - Euan
Current thread:
- CoreOS membership to linux-distros Euan Kemp (Jun 27)
- Re: CoreOS membership to linux-distros Kurt Seifried (Jun 27)
- Re: CoreOS membership to linux-distros Euan Kemp (Jun 27)
- Re: CoreOS membership to linux-distros Sven Dowideit (Jun 27)
- Re: CoreOS membership to linux-distros Dominique Martinet (Jun 28)
- Re: CoreOS membership to linux-distros Sven Dowideit (Jun 28)
- Re: CoreOS membership to linux-distros Euan Kemp (Jun 27)
- Re: CoreOS membership to linux-distros Kurt Seifried (Jun 27)