oss-sec mailing list archives
Re: Membership application for linux-distros - VMware
From: "Srivatsa S. Bhat" <srivatsa () csail mit edu>
Date: Wed, 6 Nov 2019 00:00:44 -0800
Hi Alexander,

On 11/5/19 10:04 AM, Solar Designer wrote:
> On Mon, Nov 04, 2019 at 03:03:42PM -0800, Srivatsa S. Bhat wrote:
>> I'd like to sign up as primary for Administrative 5: "Determine if the reported issues are Linux-specific...", and as backup for Technical 4. "Check if related issues exist in the same piece of software...".
>
> Great. VMware Photon OS is now signed up for those.

Thank you!

> SUSE is now backup (was primary) for Administrative 5: "Determine if the reported issues are Linux-specific ..."
>
>> (I did consider the other task that you brought up, namely Technical 6, but I think we'd need more experience on the list before we can sign up for that task).
>
> I thought so too, which is a reason why I also directed that request to other distros reading our discussion.
>
>> Also, is there a write-up somewhere that defines exactly what primary and backup means in this context?
>
> No.
>
>> At the moment, I'm assuming that, for a given task, the primary distro will take up that task for every issue that gets posted onto linux-distros; and in case the primary is unavailable (due to vacation/travel etc), then the backup will step up for that task until the primary gets back. Is that how it works?
>
> Yes, and besides that I also expect the backup to watch the list for related aspects of issues that the primary might have missed or misunderstood or mishandled, and chiming in as necessary to correct that.
>
> For example, let's take Administrative task 1:
>
> "Promptly review new issue reports for meeting the list's requirements and confirm receipt of the report and, when necessary, inform the reporter of any issues with their report (e.g., obviously not actionable by the distros) and request and/or propose any required yet missing information (most notably, a tentative public disclosure date/time) - primary: CoreOS, backup: Oracle"
>
> Given this, I expect that if there's no response to the issue reporter and the list by CoreOS within a day, Oracle would respond in their place even if these distros had not negotiated/announced any vacation/travel beforehand. (We tell reporters that they should expect a response within 48 hours, which leaves about one day for the primary to respond and another day for the backup to respond in their place if the primary did not.)
>
> Similarly, I'd expect Oracle to send a follow-up message to the reporter and the list if CoreOS' response is missing required information or questions/requests - e.g., the report didn't have a tentative public disclosure date/time yet CoreOS didn't request that. I'd also expect Oracle to chime in if they find CoreOS' response wrong - e.g., if it acknowledged the embargo, whereas Oracle finds the issue "obviously not actionable by the distros".

Thanks a lot for explaining the roles of primary and backup with such detail and clarity!

>> If so, will we get to know the contact details of other distros so that we can coordinate our schedules?
>
> Yes, but per the above that isn't enough, and it's also less important than you might have expected. For distros with more than one person subscribed, my expectation is that they'll almost always be around to handle whatever they volunteered for, and the backup's role is primarily in making sure that the work is being done correctly all the time.

That seems fair, thank you!

>> On a related note, would it be okay for me to request another member of the Photon OS team (whom I can vouch for), to be added to the linux-distros list, so that we can have at least one person from our team always available to take action for our distro, in response to the issues disclosed on the list?
>
> Yes.

Great! I'd like to request that Alexey Makhalov (amakhalov () vmware com) from the Photon OS team be added to the linux-distros list. I have worked with Alexey closely for several years and I'm happy to vouch for him.

Thank you!

Regards,
Srivatsa
VMware Photon OS