oss-sec mailing list archives

Re: CoreOS membership to linux-distros


From: Sven Dowideit <sven () rancher com>
Date: Wed, 28 Jun 2017 02:27:58 +0000

I'm also curious to know where the lines are.


I'm responsible for RancherOS, and think that both I and my users would prefer that I had access to the embargoed 
information earlier, so preparing a response would have been less of a rush.


One of the things that would have made my last week less worrying is to have some access to exploit code - so as to 
verify the changes actually had a useful effect.


RancherOS is a container-oriented micro-Linux distro with uptake in hybrid and on-premises clouds.

We have the beginnings of an advisory page at http://rancher.com/docs/os/security/

And are happy to comply with embargoes.

Also - keep up the awesome work - it's impressive!


________________________________
From: Euan Kemp <euan.kemp () coreos com>
Sent: 27 June 2017 15:52:49
To: oss-security () lists openwall com
Subject: Re: [oss-security] CoreOS membership to linux-distros

On 06/27/2017 03:13 PM, Kurt Seifried wrote:
My main question would be what expertise do you have in helping with
security issues, e.g. kernel/glibc/other engineering talent? Or do you
simply need this as a consumer of such data (e.g. so you can get containers
ready to respin for embargoed issues, and to be clear, I'm not opposed to
this type of consumption if it's in the public interest, you won't break
embargoes, etc.).

To clarify your example, we're primarily concerned with preparing
updates for our distribution's kernel and userland, not for containers.

We'd be happy to help when we're able to, but our intent is mainly
consumption for the security of our users.
We'll, of course, respect embargoes.

- Euan

