Re: AlmaLinux Distros List Application

[Darya Malyavkina <dmalyavkina () cloudlinux com>]

Hello,

I'm Darya Malyavkina, Director of Release Engineering at CloudLinux. I
vouch for Jonathan Wright and Andrew Lukoshko

On Tue, Dec 12, 2023 at 9:35 PM Jonathan Wright <jonathan () almalinux org>
wrote:

> I’m submitting this application on behalf of the AlmaLinux OS Foundation.
>
>
> Myself (Jonathan Wright) and Andrew Lukoshko, our lead architect, would be
> joining if approved.
>
>
>    1.
>
>    Be an actively maintained Unix-like operating system distro with
>    substantial use of Open Source components
>    1.
>
>       We are actively maintained and have released 4 minor versions this
>       year (8.8, 8.9, 9.2, and 9.3) along with small updates within the minor
>       versions, generally at least a few updates per week.
>       2.
>
>    Have a userbase not limited to your own organization
>    1.
>
>       Our public mirror system alone serves 750k unique systems weekly,
>       and is used worldwide for a variety of things.
>       3.
>
>    Have a publicly verifiable track record, dating back at least 1 year
>    and continuing to present day, of fixing security issues (including some
>    that had been handled on (linux-)distros, meaning that membership would
>    have been relevant to you) and releasing the fixes within 10 days (and
>    preferably much less than that) of the issues being made public (if it
>    takes you ages to fix an issue, your users wouldn't substantially benefit
>    from the additional time, often around 7 days and sometimes up to 14 days,
>    that list membership could give you)
>    1.
>
>       Historically we have been following Red Hat releases within 1-2
>       days, and since our shift in June away from following Red Hat we have been
>       able to release some security updates ahead of Red Hat (Iperf3 patch and
>       AMD microcode/kernel patches specifically). We would not be beholden to
>       CentOS Stream updates for our patch releases.
>       4.
>
>    Not be (only) downstream or a rebuild of another distro (or else we
>    need convincing additional justification of how the list membership would
>    enable you to release fixes sooner, presumably not relying on the upstream
>    distro having released their fixes first?)
>    1.
>
>       While we've historically done that (which is why it didn’t make
>       sense to join earlier), we shifted in June to our own OS that is
>       ABI-compatible with RHEL.
>       5.
>
>    Be a participant and preferably an active contributor in relevant
>    public communities (most notably, if you're not watching for issues being
>    made public on oss-security, which are a superset of those that had been
>    handled on (linux-)distros, then there's no valid reason for you to be on
>    (linux-)distros)
>    1.
>
>       we have many participants on the oss-security list.
>       6.
>
>    Accept the list policy (see above)
>    1.
>
>       accepted
>       7.
>
>    Be able and willing to contribute back (see above), preferably in
>    specific ways announced in advance (so that you're responsible for a
>    specific area and so that we know what to expect from which member), and
>    demonstrate actual contributions once you've been a member for a while
>    1.
>
>       Immediately we can begin to help reporters ensure their reports are
>       following the requirements and are confirmed/replied to. As we advance our
>       understanding of how things operate, and the need arises, we can expand our
>       work into contributing more deeply.
>       8.
>
>    Be able and willing to handle PGP-encrypted e-mail
>    1.
>
>       done.
>       9.
>
>    Have someone already on the private list, or at least someone else who
>    has been active on oss-security for years but is not affiliated with your
>    distro nor your organization, vouch for at least one of the people
>    requesting membership on behalf of your distro (then that one vouched-for
>    person will be able to vouch for others on your team, in case you'd like
>    multiple people subscribed)
>    1.
>
>       Darya Malyavkina from CloudLinux will vouch for us.
>
>
> --
> Jonathan Wright
> AlmaLinux Foundation
> Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>


-- 
Best regards,
Darya Malyavkina
Director of Release Engineering at CloudLinux

CloudLinux.com <http://cloudlinux.com/>  |  KernelCare.com
<http://kernelcare.com/>  |  Imunify360 <http://imunify360.com/>  |
AlmaLinux <https://almalinux.org/>

helpdesk.cloudlinux.com: 24/7 Free, exceptionally good support
Follow twitter.com/CloudLinuxOS for technical updates