Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <538FE2D3.9080203@redhat.com>
Date: Wed, 04 Jun 2014 21:24:03 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com, Monty Ijzerman <mijzerman@...are.com>
CC: Ramon de C Valle <rdecvalle@...are.com>
Subject: Re: Request for linux-distros subscription

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/04/2014 02:41 PM, Raphael Geissert wrote:
> On Wednesday 04 June 2014 12:33:13 Ramon de C Valle wrote:
>> I'd also appreciate comments by others active in this community
>> and would be happy  to answer any questions anyone might have.
> 
> Other than earlier product re-qualification I don't see how you
> could justify joining the list, am I missing something? If that's
> the only reason, I guess a question that should be asked is: is 
> exposing the details to more people actually worth the extra time?
> 
> (speaking for myself here)
> 
> Cheers,
> 

It sounds like adding VMware is not warranted, they don't ship "a
Linux[1]", so I see no compelling reason for them to be added. For the
few Open Source  projects they are involved in, those upstreams are
notified as part of the process of bringing things to the distros list
so that should suffice.

[1] if they are added then by that logic we need to add every product
which has virtualization support or a ported environment that can run
Linux (busybox anyone?) which is basically crazy.

- -- 
Kurt Seifried - Red Hat - Product Security - Cloud stuff and such
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTj+LTAAoJEBYNRVNeJnmTh0sP/j7eJrirtTDEAW9zhhNfZvHf
TK8KnpO//eCz5nM1qIYJwVjfxUp+j+hwaf08/jhRITM086UbBkz915X3hdKpybJF
LKNPmudJn+Z9wxu07tZyT6INnRUX8jVs0RPHE3bDlxhANqhi8HPLHpsyHClEw7KD
XAT/zcn0q3PlVX2XnAFjVvJTkMlLfcZtYt3D2k1Hsj/N0aCFwJT3qM+PAAuWn3nO
za2oj3PeK40XfvolZymHv9Tj1AN1JmezHeqjXVajZ2Hs4ptHGEmqMVEU4URgZ6Pr
2KTD4CDBJnKDHCZ3BbEDbs6rMFRvjc28dRyaR/UEfXjSyE3qd9Uf9d6bb7yQry4K
3j9e4wP8yfYLN582ifIPc/mTs2IiIfL2wh3faujXEvBQjMybFd61hxjCKegHy9gm
d6E3MStfLY32mCWchCYYisszL5sissGCnUGZ8MYTTwk31HlAufVbSVbsTX4uClnf
aMEF8Eu/eyXru7gkXgqS2Bp2FLRgCQb5QUYKTgjD5p+5Xpn/6kwH93jAje/TILQ9
iO9BV8yGIoPnOBf3tovY+mAjPCOT4Rzcwe9oDnm0remL9liCKVoKmUEXFoUs22LW
Shxt0xlu4Eqi9wS5CvfCzApQHwAzvVWIrw4XZqLx9hhzpuOmWtujbYS0fANwNAbM
tgqdUzt30dzhjDm6AsSJ
=Tayi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.