lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 24 Jan 2023 02:39:53 +0000
From:   Matthew Wilcox <willy@...radead.org>
To:     Luis Chamberlain <mcgrof@...nel.org>
Cc:     Greg KH <gregkh@...uxfoundation.org>,
        Konstantin Ryabitsev <mricon@...nel.org>,
        Tom Lendacky <thomas.lendacky@....com>,
        Catalin Marinas <catalin.marinas@....com>,
        Anton Blanchard <anton@...ux.ibm.com>,
        Trilok Soni <tsoni@...eaurora.org>,
        James Morris <jamorris@...ux.microsoft.com>, corbet@....net,
        javier.gonz@...sung.com, linux-doc@...r.kernel.org,
        a.manzanares@...sung.com, dave@...olabs.net,
        darren@...amperecomputing.com, ndesaulniers@...gle.com,
        gost.dev@...sung.com, linux-kernel@...r.kernel.org,
        Luis Chamberlain <mcgrof.c@...sung.com>
Subject: Re: [PATCH] docs: embargoed-hardware-issues: add embargoed HW
 contact for Samsung

On Mon, Jan 23, 2023 at 01:48:03PM -0800, Luis Chamberlain wrote:
> > > @@ -251,6 +251,7 @@ an involved disclosed party. The current ambassadors list:
> > >    IBM Z		Christian Borntraeger <borntraeger@...ibm.com>
> > >    Intel		Tony Luck <tony.luck@...el.com>
> > >    Qualcomm	Trilok Soni <tsoni@...eaurora.org>
> > > +  Samsung       Javier González <javier.gonz@...sung.com>
> 
> I'll send a fix on v2.
> 
> BTW while at it, it got me wondering, since most of the emails on
> this hw embargo page are not required to have kernel.org accounts

This isn't the list of hw embargo people.  This is the list of
"ambassadors" who can help people work through the security disclosure
process.  My impression is that it's to tell me that I should contact
Konrad, since he also works at Oracle, to help me through the process.
It's not for people outside Oracle to contact.

If I have the wrong impression of that list, perhaps the description
could be clarified.

> not all of the folks on that page have a PGP key on the pgpkeys git
> tree [0]. Today we constrain kernel.org accounts to folks that send
> pull requests to Linus. Not all folks on the embargo list need to also
> be active kernel developers. Given the issues reported before by Konstantin
> on PGP keyservers we rely on our own git tree for keys we wish to get access
> to in our community. The below email addresses do not have any PGP
> key associated on the pgpkeys tree as of this day.
> 
>   * Tom Lendacky <thomas.lendacky@....com>
>   * Catalin Marinas <catalin.marinas@....com>
>   * Anton Blanchard <anton@...ux.ibm.com>
>   * Trilok Soni <tsoni@...eaurora.org>
>   * James Morris <jamorris@...ux.microsoft.com
> 
> So it occurs to me to perhaps modify pgpg keys documentation to welcome
> community related keys to at least include folks like the above for the
> hw embargo emails should communication via PGP be required. Thoughts?
> 
> [0] https://git.kernel.org/pub/scm/docs/kernel/pgpkeys.git
> 
>   Luis

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ