oss-sec mailing list archives
RE: linux-distros list membership application - CloudLinux
From: Bobby Broughton <bobby () preciselymanaged com>
Date: Sun, 2 Jul 2017 18:16:18 +0000
Hey all! I run two businesses, one of which hosts other hosting providers, and we are heavy users of CloudLinux. They work very hard to contribute to fixing issues whether the upstream has fixed it or not, and I see tremendous value in that. I think they should be added. Thanks! Bobby -----Original Message----- From: Solar Designer [mailto:solar () openwall com] Sent: Sunday, July 2, 2017 2:08 PM To: oss-security () lists openwall com Subject: Re: [oss-security] linux-distros list membership application - CloudLinux Hi all, I am inclined to add CloudLinux to the linux-distros list unless there are well-reasoned objections. I'd appreciate any comments. On Sun, Jul 02, 2017 at 05:29:25PM +0300, Igor Seletskiy wrote:
I would like to apply for membership in linux-distros list for CloudLinux OS. Please, see application attached.
Thank you for posting this, Igor. I am most concerned about your answer to:
4. Not be (only) downstream or a rebuild of another distro (or else we need convincing additional justification of how the list membership would enable you to release fixes sooner, presumably not relying on the upstream distro having released their fixes first?)
Our kernel has significant amount of changes comparing to OpenVZ kernel We also do slight modifications to Apache web server, ship customized versions of PHP (multiple versions), python, ruby, MySQL and MariaDB that are packaged by us, and not taken from upstream.
So are you saying that you'll release fixes sooner (once you're on the linux-distros list) only for this subset of packages that are modified or packaged by you? What about the rest?
We would be happy to help with administrative tasks: 1. Promptly review new issue reports for meeting the list's requirements and confirm receipt of the report and, when necessary, inform the reporter of any issues with their report (e.g., obviously not actionable by the distros) and request and/or propose any required yet missing information (most notably, a tentative public disclosure date) 2. If the proposed public disclosure date is not within list policy, insist on getting this corrected and propose a suitable earlier date And possibly more in the future, as we have a better understanding of the amount of work needed to handle those tasks. We will need some handholding at first to make sure we do things correctly.
OK. You'll likely need to choose additional/other tasks very soon since these trivial ones will likely transfer to another new distro joining, if one requests membership and meets the criteria shortly after you.
Please, find PGP related info
Thanks. Out of the people you listed, you and Konstantin appear to have been on oss-security for a long while, but Leonid doesn't appear to be subscribed - or is he? If not, he probably needs to subscribe now. Alexander
Current thread:
- linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 02)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 02)
- RE: linux-distros list membership application - CloudLinux Bobby Broughton (Jul 02)
- Re: linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 02)
- Re: linux-distros list membership application - CloudLinux Dmitry V. Levin (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Leonid Kanter (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 02)
- Re: linux-distros list membership application - CloudLinux Solar Designer (Jul 04)
- Re: linux-distros list membership application - CloudLinux Igor Seletskiy (Jul 04)