Re: CoreOS membership to linux-distros

[Kurt Seifried <kseifried () redhat com>]

My main question would be what expertise do you have in helping with
security issues, e.g. kernel/glibc/other engineering talent? Or do you
simply need this as a consumer of such data (e.g. so you can get containers
ready to respin for embargoed issues, and to be clear, I'm not opposed to
this type of consumption if it's in the public interest, you won't break
embargoes, etc.).

On Tue, Jun 27, 2017 at 2:59 PM, Euan Kemp <euan.kemp () coreos com> wrote:

> Hello.
>
> We, the Container Linux team at CoreOS[0], would like to request
> membership to the linux-distros list.
>
> We've requested membership once before[1], but at the time new members
> weren't being added iirc.
>
> Based on Solar's comments in the Stack Clash thread, this seems like a
> good time to renew this discussion.
>
>
> To preempt some possible questions:
>
> Q: What’s Container Linux?
> Container Linux (formerly called CoreOS) is a linux distribution for
> servers which automatically updates by default; it’s generally available
> and has a fairly large install base.
>
> Q: Can you handle embargoed builds?
> We have the infrastructure and experience to make embargoed
> builds/releases. These have been exercised by e.g. docker CVEs in the past.
>
> Q: Do you have an advisory page?
> We don't have a more comprehensive advisory page than our release notes
> (which list CVEs fixed in each version) and in some cases blog posts.
> We intend to have an advisory page at some indeterminate point in the
> future.
>
>
> - Euan
>
> [0]: https://coreos.com/why/
> [1]: http://seclists.org/oss-sec/2016/q4/205


-- 

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com