Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Request for linux-distros () vs openwall org membership
From: akuster <akuster () mvista com>
Date: Tue, 06 Nov 2012 07:10:20 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kurt,

On 11/05/2012 10:09 AM, Kurt Seifried wrote:
On 11/05/2012 10:53 AM, Henri Salo wrote:
On Mon, Nov 05, 2012 at 05:02:52PM +0530, Premchand Koneru
wrote:
I recently joined the Montavista Security team and request 
membership to thelinux-distros () vs openwall org  list, so that
I may participate fully in reporting and fixing vulnerabilities
in Montavista. Here is my GPG fingerprint:

pub   2048R/5DA060C7 2012-11-05 Key fingerprint = 7DF9 45B4
3116 8D5C D3C0  2A15 EADE D5B2 5DA0 60C7 uid Premchand
Koneru<pkoneru () mvista com <mailto:pkoneru () mvista com>> sub
2048R/BE364B01 2012-11-05

Thank you for consideration.

This is first time I heard about Montavista. Where is your
package- and bug-tracker? Does Montavista use CVE?

- Henri Salo


Also how do we confirm you are on the security team there? I can't 
even find proof you work for Montavista (other than the email
address) and I can't find any mention of a person called "Premchand
Koneru" doing security work in the past.

I did manage to find a CVE page of sorts:

http://www.mvista.com/cve_vulnerabilities.php

For 2012 you appear to have fixed one Linux security flaw out of
the 7 listed (the rest are OpenSSL/OpenSSH), so I'm not really sure
why you would need access to distros@ if you aren't fixing Linux
related security issues any ways?

I am not surprised that our list is behind. I did mention there would
be a 3 month delay in new postings back when I was trying to get
MontaVista back on the closed list which seemed acceptable at the
time. This delay seems excessive. I will ping my management again.

If you feel that MV should be dropped from the list-distros list, then
so be it.

I do realize this list is maintained by volunteers and today's rules
are based on previous emails (kinda hard me to follow).

I do hope the requirements listed at

http://oss-security.openwall.org/wiki/mailing-lists/distros

will be update with "How to maintain membership" and "How to ack/nack
additional team members memberships".

Kind regards,
Armin



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQmShbAAoJEH91cpWuue2Nvl0P/2PfDeNSrUV8CE7oZ0GNgUGs
wXEmJGEBtplvACUOiQ8P2tOoLHrke790hkF0LaLK7bHryKzTFtNHftVxc87Qu2cR
V8ej/y7jO8/IGOYdAMS6W1dPPCZtmuVEEE2v6FGNtOGavy9LDYZRYOVBUUNB8yxr
BtY40cTyAWHHaF/IZCoFw5tbaHLhl2bM9VrU0ws98t1mbG5kRV+HGJqnTvDJbTz9
wcLIIBltehQn0u5WduDdWIZBo3hYT9mvg3hidDZ+Azag921/Caa6cuC+m5es/W2v
wuU6GFt6KEPLs1LM+r/Uw0Ip/ilZnDWJIe8KPX/aTQDMQ5SzNkj+GkG/cEW7sMZe
W8tEesag+nBuMEshtYXjILLCtOnE0NbwgaY2eHLRjZBU66WWObbeQ/upNgnKvq/X
NVrv5MKyt66NpehjGBt13Ty4k/HEOkswUQl8gmCm+x9F+Rhqdky2Ore1HyjIb/cR
5zstHdR2ZKodS5YAoiV2HfIFdfd6brymqZcNHEYfhYPnFxvaq/XNL2CRfLpvhmHT
syKQhach2t5B2EFcED734ytGnnAMExF6S+6ItQ6zChEKnb/jFXQX6m1HEYpWmzn3
thDO7RD6TEzL1EVJ5U2eEF8IXMe1QKIZdB1X/mJ99OPe0N9FYj8fJhEAz2430ej1
XjebBQngww0tU0Cod8Aq
=9Lc5
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]