Re: linux-distros membership application - Microsoft

[Tyler Hicks <tyhicks () canonical com>]

On 2019-06-27 09:57:38, Anthony Liguori wrote:
> On Thu, Jun 27, 2019 at 7:05 AM Solar Designer <solar () openwall com> wrote:
> > > > 3. Have a publicly verifiable track record, dating back at least 1
> > > > year and continuing to present day, of fixing security issues
> > > > (including some that had been handled on (linux-)distros, meaning that
> > > > membership would have been relevant to you) and releasing the fixes
> > > > within 10 days (and preferably much less than that) of the issues
> > > > being made public (if it takes you ages to fix an issue, your users
> > > > wouldn't substantially benefit from the additional time, often around
> > > > 7 days and sometimes up to 14 days, that list membership could give
> > > > you).
> > >
> > > Microsoft has decades long history of addressing security issues via
> > > MSRC (https://www.microsoft.com/en-us/msrc). While we are able to
> > > quickly (<1-2 hours) create a build to address disclosed security
> > > issues, we require extensive testing and validation before we make these
> > > builds public. Being members of this mailing list would provide us the
> > > additional time we need for extensive testing.
> >
> > It'd be helpful if you could directly address this part: "including some
> > that had been handled on (linux-)distros, meaning that membership would
> > have been relevant to you".  Without such examples yet, we'd have to be
> > guessing whether the membership would have been relevant to you or not.
>
> I'm not aware of issues on the distros list, but Microsoft has been
> very active in working with the broader community on Spectre/Meltdown
> style mitigations.  I think the community would benefit overall from
> their participation on distros.

I agree with Anthony on this point. They've been beneficial to the
greater Linux community and I feel like their direct involvement on
linux-distros would benefit other members.

Tyler