Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <534632CD.7040403@redhat.com>
Date: Wed, 09 Apr 2014 23:57:33 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Matt Wilson <msw@...zon.com>, Max Spevack <spevack@...zon.com>,
        Anthony Liguori <aliguori@...zon.com>
Subject: Re: Request for linux-distros list membership

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/09/2014 09:13 PM, Anthony Liguori wrote:
> On 04/09/14 19:04, Kurt Seifried wrote:
>> On 04/09/2014 09:23 AM, Anthony Liguori wrote:
>>> Hi,
> 
>>> I would like to request membership to the closed linux-distros 
>>> mailing list on behalf of the Amazon Linux AMI distribution.
>>> We do not currently have anyone on this list from Amazon but
>>> we would like to change that.  The Amazon Linux AMI
>>> distribution is RPM based, optimized for EC2, and tracks a
>>> number of packages (including the kernel) directly from
>>> upstream.
> 
>>> Here is my GPG fingerprint:
> 
>>> pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4
>>> 390F A270 BC30  4A93 1AAD C710 5682 E5FF uid
>>> Anthony Liguori <anthony@...emonkey.ws> sub   2048R/44FFA77F
>>> 2013-07-30
> 
>>> I'm sending this from my personal account since this is the uid
>>>  associated with my GPG key but I would prefer to be subscribed
>>> to my @amazon.com (CC'd here).
> 
>>> If anyone has any questions, please don't hestitate to ask. 
>>> Thanks for your consideration!
> 
>>> Regards,
> 
>>> Anthony Liguori
> 
>> I find it a bit odd you can't send this from your work email 
>> address. Would it be possible to add that email address to your
>> key and then use your work email address?
> 
> We use DKIM which doesn't work very well with all mailing lists.
> You should receive this okay since you are on CC but I'm not sure
> everyone will get this through the mailing list.  If it doesn't
> make it, I'll send this same (signed) message via the
> @codemonkey.ws address.
> 
> I also added this address as a uid to my key.  Here it is again:
> 
> pub   2048R/5682E5FF 2013-07-30 Key fingerprint = EF0F 60F4 390F
> A270 BC30  4A93 1AAD C710 5682 E5FF uid                  Anthony
> Liguori <aliguori@...zon.com> uid                  Anthony Liguori
> <anthony@...emonkey.ws> sub   2048R/44FFA77F 2013-07-30
> 
>> I guess I'm wondering is this an official request on behalf of 
>> Amazon or some random Amazon (employee? contractor?) asking for 
>> access to distros@.
> 
> Yes, this is an official request on behalf of Amazon.  I am
> requesting access on behalf of the Amazon Linux AMI team[1].
> 
> [1] http://aws.amazon.com/amazon-linux-ami/
> 
> Regards,
> 
> Anthony Liguori

So first off I'm inclined to have Amazon on the distros list (same
reasons as Oracle basically).

My only concern is are you the correct person, I have no clue who is
on the Amazon security team for their Linux distribution, I've never
seen you post anything anywhere.

Your search - site:aws.amazon.com Anthony Liguori - did not match any
documents.

Your search - site:aws.amazon.com aliguori@...zon.com - did not match
any documents.

Can we somehow get confirmation from Amazon that this is the right
person to have on distros? Thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTRjLNAAoJEBYNRVNeJnmTWdMQAMyhe8Y5+8mgOMNkFCAhe7ee
u5dAkDGzCeywxNh7W10/9pgcB2raHCNahzEdNWTuc2SvE4Wjc7GLIlTdJ7MWPSYc
xag1ZStqiO0LrxY1CZWe69MAMYDpNo0a5rodxoWRZtrAnQLh7gX3KLcPKdtBHOvI
7GXK9QX0kf6elCmSHumMTvz8nr+mHgD6t1y0YNuj/hzx+9Z5fZoeuCVQdDMp3tdR
8O/gIz7c4HPGGy7CtbF8CYc8cI6tz/OfrxLBbkBY7Xy1+QIqL5Av3dZkX81Oiy6D
X2o8ne96NJ846TUgRavqDFJhJpTodA2i2jOuDp0n+cOCkhUI8L9cqkHyKBCBR5sU
cqzTfl7o39y/CE+fmRI6EvORgoW3mRisUPhoyoz398vcSBzMJGhpUcnIvthCAYs1
LX7yebnRVjTvPwJ3FOYRL+eiutQcN2rMdVsTVoi6EfpIVq1RvU4aNPBM0xmNqIVl
iZj1jQVEkI+7WOK0grjyNks7+uTW0ERD98B25ojehPxkoNyl+tdgsl1Dp1ddX59E
p8YDB1B1/FKGlcP4tKQ0jRxFocgP3N1BY5a1xepVwGwJrYoOubQeg3XX+frzzE4i
rLBtEjgBr6lgLdBt9uG5bAH1vH9WeS/yCDKYwSR0moZxI2TFF1i4J9/oDcqlIOnn
ew+c5LXc8fx2zWChjJsY
=KMGp
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.