Differences

This shows you the differences between two versions of the page.


mailing-lists:distros [2019/08/12 04:50]
solar [Linux distribution security contacts list] added Microsoft Linux Systems Group
mailing-lists:distros [2019/08/12 05:02] (current)
solar [Contributing back] added Microsoft Linux Systems Group for two Administrative tasks as per https://www.openwall.com/lists/oss-security/2019/08/12/1
Line 130: Line 130:
     - Promptly review new issue reports for meeting the list's requirements and confirm receipt of the report and, when necessary, inform the reporter of any issues with their report (e.g., obviously not actionable by the distros) and request and/or propose any required yet missing information (most notably, a tentative public disclosure date/time) //- primary: CoreOS, backup: Oracle//     - Promptly review new issue reports for meeting the list's requirements and confirm receipt of the report and, when necessary, inform the reporter of any issues with their report (e.g., obviously not actionable by the distros) and request and/or propose any required yet missing information (most notably, a tentative public disclosure date/time) //- primary: CoreOS, backup: Oracle//
     - If the proposed public disclosure date is not within list policy, insist on getting this corrected and propose a suitable earlier date //- primary: CoreOS, backup: CloudLinux//​     - If the proposed public disclosure date is not within list policy, insist on getting this corrected and propose a suitable earlier date //- primary: CoreOS, backup: CloudLinux//​
-    - Evaluate if the issue (or one of the issues) is effectively already public (e.g., a fix is committed upstream with a descriptive message) or/and is low severity and thus the report (or its portion pertaining to the issue) should be made public right away for one or both of these reasons, get a few other list members to confirm this understanding,​ and if there are no objections then communicate this strong preference to the reporter //- primary: CloudLinux, backup: ​vacant// +    - Evaluate if the issue (or one of the issues) is effectively already public (e.g., a fix is committed upstream with a descriptive message) or/and is low severity and thus the report (or its portion pertaining to the issue) should be made public right away for one or both of these reasons, get a few other list members to confirm this understanding,​ and if there are no objections then communicate this strong preference to the reporter //- primary: CloudLinux, backup: ​Microsoft Linux Systems Group// 
-    - Evaluate relevance to other parties such as the upstream, other affected distros (not present on the (sub-)list),​ and other Open Source projects, see if the report mentions notifying any of these, communicate your findings and possible concerns to the reporter and the list, and stay on top of the resulting discussion until a decision is made on who else to possibly notify (or not) and any such notifications are in fact made (with the reporter'​s approval)+    - Evaluate relevance to other parties such as the upstream, other affected distros (not present on the (sub-)list),​ and other Open Source projects, see if the report mentions notifying any of these, communicate your findings and possible concerns to the reporter and the list, and stay on top of the resulting discussion until a decision is made on who else to possibly notify (or not) and any such notifications are in fact made (with the reporter'​s approval) ​//- primary: Microsoft Linux Systems Group, backup: vacant//
     - Determine if the reported issues are Linux-specific,​ and if so help ensure that (further) private discussion goes on the linux-distros sub-list only (thus, not spamming and unnecessarily disclosing to the non-Linux distros) //- primary: SUSE, backup: vacant//     - Determine if the reported issues are Linux-specific,​ and if so help ensure that (further) private discussion goes on the linux-distros sub-list only (thus, not spamming and unnecessarily disclosing to the non-Linux distros) //- primary: SUSE, backup: vacant//
     - If multiple issues are reported at once, see if any of them can reasonably be made public sooner than the rest, and if so help untangle them and stay on top of their disclosure process //- primary: CoreOS, backup: CloudLinux//​     - If multiple issues are reported at once, see if any of them can reasonably be made public sooner than the rest, and if so help untangle them and stay on top of their disclosure process //- primary: CoreOS, backup: CloudLinux//​
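Review bot: The newly annotated task beginning "Evaluate relevance to other parties" ends with "primary: Microsoft Linux Systems Group, backup: vacant", so deciding who else gets notified about a reported issue rests on a single member with no fallback. Consider naming a backup here, or stating on the page that the backup slot is open to volunteers. The same group also becomes the backup for the preceding "effectively already public" task, so its unavailability would affect both tasks at once; spreading the two roles across different members would avoid that.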
mailing-lists/distros.txt · Last modified: 2019/08/12 05:02 by solar
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported