oss-sec mailing list archives
Re: NetBSD/pkgsrc membership on distros list
From: Alistair Crooks <agc () pkgsrc org>
Date: Tue, 16 May 2017 10:04:12 -0700
Yeah, we're here, we are the same as previously, still trying to go about our business with maximum effect and minimal fuss, and we're listening. We haven't contributed anything (much) recently, but we don't really go in for massive "me too"s, and had kinda hoped that the "no drama" approach would work here. It seems my assumptions were wrong. I will attempt to do a better job at posting - sorry about that, mea culpa.

What are we doing these days? We're looking into the pre-announcement that everyone else is looking at for NetBSD, and pkgsrc is even more vibrant than ever, runs on a huge number of platforms, and is still reporting CVEs in the usual way - we were told some minor Linux distributions use the pkgsrc notification mechanism, so, for their sakes, I'd ask that you continue to keep us in the loop, please.

With thanks (for the support you give),
Alistair

On 16 May 2017 at 08:39, Solar Designer <solar () openwall com> wrote:
Hi,

A few individuals from/for NetBSD/pkgsrc joined the non-public distros list a while ago. Unfortunately, lately they appear to have become inactive. Thus, I am likely to remove NetBSD/pkgsrc from the distros list soon unless the membership is "renewed" through demonstrated interest and vulnerability response by specific people from there.

I notice NetBSD security team is still active in terms of issuing of public security advisories (latest one posted on March 24), but the way the situation looks to me (and I admit I could be wrong) those advisories are not produced by the same people who had joined distros. So maybe NetBSD needs to nominate their currently active security people for distros membership on behalf of their project.

I could figure out who the active NetBSD security people are now and approach them, but that's mostly not how distros membership applications worked so far - specifically, I'd like membership to be requested by each distros' security team. I don't want to be pinging them about it myself, as that could result in some joining just because they were invited/reminded like that rather than because of genuine interest.

Similarly, I intentionally don't CC this posting to anyone - if someone (perhaps from NetBSD) is not in here, then even if they're doing security response for their distro they are not an ideal representative for their distro on the distros list. That's because we assume that the distro also keeps track of whatever issues are being made public on oss-security (with most of those issues never having been brought up on the distros list, so by being only on distros the person would miss most issues they might need to deal with).

If anyone from NetBSD who is on oss-security has anything relevant to say on this, please speak up.

Thanks,

Alexander