Re: administrative tasks (was: illumos (or at least danmcd) membership in the distros list)

[Solar Designer <solar () openwall com>]

On Tue, Sep 26, 2023 at 04:04:28PM -0700, Alan Coopersmith wrote:
> On 9/25/23 12:23, Solar Designer wrote:
> > Administrative tasks mostly unrelated to (linux-)distros lists (but
> > relevant to the wider community)
> >
> > 1. Help ensure that each message posted to oss-security contains the
> > most essential information (e.g., vulnerability detail and/or exploit)
> > directly in the message itself (and in plain text) rather than only by
> > reference to an external resource, and add the missing information
> > (e.g., in your own words, by quoting with proper attribution, and/or by
> > creating and attaching a properly attributed text/plain export of a
> > previously referenced web page) and remind the original sender of this
> > requirement (for further occasions) in a "reply" posting when necessary
> > - primary: Oracle Solaris, backup: Container-Optimized OS

> > 3. Monitor for Open Source security issues/topics published elsewhere,
> > identify which of these would fit, and bring them to oss-security

> > 6. Suggest and provide examples of quality improvements for such reports
> > (beyond them containing the most essential information)

> Apologies, I may have misremembered exactly what I supposed to be doing at 
> some
> point, and in hindsight, much of what I have done was closer to #6 than #1:
>
> https://www.openwall.com/lists/oss-security/2022/01/25/15
> https://www.openwall.com/lists/oss-security/2022/10/12/2
> https://www.openwall.com/lists/oss-security/2023/01/31/7
>
> but I at least did some of #1 if you look far enough back:
>
> https://www.openwall.com/lists/oss-security/2022/08/09/1
>
> I've also tried to set a good example in the messages I post on behalf of 
> X.Org.

Yes, I appreciate all of this!

> I'd be happy to pass on #1 to someone else and continue doing #3.  I don't 
> have
> the bandwidth to write tools to automate it though (#4) - I mostly monitor
> chatter on twitter & mastodon, watch the newly published CVE list, and 
> monitor updates to 
> https://salsa.debian.org/security-tracker-team/security-tracker.git.

That's pretty good.  I've just made you primary for #3, and consequently
upgraded Container-Optimized OS to primary for #1 - although I expect
I'll also need to ping them off-list for things to actually be happening.

Container-Optimized OS folks, please let me know if you see this and
think you don't need further pings. ;-)

I'd also appreciate others helping with all of these tasks.  For #3,
there are simply too many relevant "Open Source security issues/topics
published elsewhere" for Alan to notice and handle them all alone.

Alexander