oss-sec mailing list archives

Re: linux-distros membership


From: Moritz Muehlenhoff <jmm () debian org>
Date: Thu, 23 Jan 2014 22:42:03 +0100

On Wed, Jan 22, 2014 at 04:29:13AM +0400, Solar Designer wrote:
> As to "the details of the process", we don't currently have it fully
> formalized.  We did have a simple process for accepting a subset of
> old vendor-sec members into the distros and linux-distros lists, but
> after that point I'm afraid we never arrived at a decision on whether we
> should introduce a voting/vouching process like vendor-sec had.
> Instead, we had a few discussions in here, like the one we're having now
> due to your request.  There were several membership requests that I
> think fell in the grey area, and I think yours does too: it's not
> unreasonable, but it fails to convince me that Qlustar being on
> linux-distros would likely significantly benefit the users of your
> distro.  Is anyone else in here convinced?  (Genuine question.)

I'm not convinced. There's a three-digit number of Debian-derived distros
and many of them come and go. The oldest Qlustar advisory is less than
a year old and there's no visible participation in any security processes.

We maintain the http://anonscm.debian.org/viewvc/kernel-sec/ repository
which tracks all kernel vulnerabilities as soon as they're public. That's
a good base for every Debian-derived distro with a modified kernel.

Cheers,
        Moritz
