List: oss-security
Subject: Re: [oss-security] administrative tasks (was: illumos (or at least danmcd) membership in the distros
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2023-09-26 23:04:28
Message-ID: dd528c33-b4a1-4e4e-b8f5-7103be42ad95 () oracle ! com
On 9/25/23 12:23, Solar Designer wrote:
> Administrative tasks mostly unrelated to (linux-)distros lists (but
> relevant to the wider community)
>
> 1. Help ensure that each message posted to oss-security contains the
> most essential information (e.g., vulnerability detail and/or exploit)
> directly in the message itself (and in plain text) rather than only by
> reference to an external resource, and add the missing information
> (e.g., in your own words, by quoting with proper attribution, and/or by
> creating and attaching a properly attributed text/plain export of a
> previously referenced web page) and remind the original sender of this
> requirement (for further occasions) in a "reply" posting when necessary
> - primary: Oracle Solaris, backup: Container-Optimized OS
>
> 2. Develop tools to help with the above (crawl URLs in messages and
> produce draft follow-ups for manual editing+posting)
>
> 3. Monitor for Open Source security issues/topics published elsewhere,
> identify which of these would fit, and bring them to oss-security
>
> 4. Develop tools to help with the above (automatically monitor Open
> Source projects' and other relevant third-party mailing lists, websites,
> social media, source code repositories, releases for likely Open Source
> security issues/topics)
>
> 5. Directly encourage upstreams, researchers, umbrella organizations,
> packagers, distros, etc. to report to the lists
>
> 6. Suggest and provide examples of quality improvements for such reports
> (beyond them containing the most essential information)
>
> 7. Set up and maintain more reliable oss-security Twitter/Mastodon
> feed(s) (the existing Twitter feed occasionally misses messages)
>
> 8. Set up and maintain new curated "best of oss-security"
> Twitter/Mastodon feed(s)
>
> Out of these, items 1 and 3 existed before, and I see Alan Coopersmith
> from Oracle Solaris help with item 3 (thank you, Alan!), e.g.:
>
> https://www.openwall.com/lists/oss-security/2023/07/27/1
> https://www.openwall.com/lists/oss-security/2023/06/20/6
> https://www.openwall.com/lists/oss-security/2023/04/12/4
>
> but somehow not with item 1 - maybe it's some confusion, which we should
> correct? I don't recall Container-Optimized OS actually doing anything
> on item 1, where they're backup. Please correct me if I'm wrong (just
> didn't notice/recall something). Maybe we should free item 1 up for new
> volunteers now.

Apologies, I may have misremembered exactly what I was supposed to be doing at some
point, and in hindsight, much of what I have done was closer to #6 than #1:

https://www.openwall.com/lists/oss-security/2022/01/25/15
https://www.openwall.com/lists/oss-security/2022/10/12/2
https://www.openwall.com/lists/oss-security/2023/01/31/7

but I at least did some of #1 if you look far enough back:

https://www.openwall.com/lists/oss-security/2022/08/09/1

I've also tried to set a good example in the messages I post on behalf of X.Org.

I'd be happy to pass on #1 to someone else and continue doing #3. I don't have
the bandwidth to write tools to automate it though (#4) - I mostly monitor
chatter on Twitter & Mastodon, watch the newly published CVE list, and monitor
updates to https://salsa.debian.org/security-tracker-team/security-tracker.git.

--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris