Just to confirm, I'm more than happy to vouch for Michel, Davide, and
Neal. I've been working with all 3 for a couple of years now and
they're an excellent fit for the list.
On 7/10/2024 6:54 PM, Michel Lind wrote:
Hi Demi, Mark,
On Wed, Jul 10, 2024 at 04:15:33PM -0500, Mark Esler wrote:
On Wed, Jul 10, 2024 at 03:51:44PM -0400, Demi Marie Obenour wrote:
On Wed, Jul 10, 2024 at 11:23:56AM -0500, Michel Lind wrote:
I am submitting this application on behalf of CentOS Project's Hyperscale SIG.
Myself (Michel Lind), as well as Davide Cavalca and Neal Gompa (SIG co-chairs),
would be joining if approved.
https://sigs.centos.org/hyperscale/sig/membership/
I know that at least Neal Gompa is also a Fedora developer. Would it
be permissible for him to also handle security patches for Fedora, if
Fedora is also affected?
All three of us are Fedora developers - but AIUI, we will not and can not use
membership here to contribute Fedora patches - until the embargo is
over.
For Hyperscale itself we plan to use the head start to have local builds
ready to go, and commit and do a public build as soon as the embargo is
over; if it needs collaboration we can use private Git repos and E2EE
private chats to discuss the fix among ourselves.
This is, to the best of my knowledge, similar to how AlmaLinux handles
embargoed security issues - the fix is ready to go but is only made
available once the embargo is lifted.
Now - wearing our Fedora hats, we certainly would try and help get this
fixed in Fedora once the embargo is over (as we've done before) - and
knowing a CVE is going to be made public would certainly help (e.g.
trying to make sure one of us is around) - but we won't be participating
in the list wearing our Fedora hat, or discuss embargoed issues with
people not on the list.
I am curious what this could mean for Fedora Asahi Remix [0], as the
applicants maintain both distros.
Is there interest in the Asahi SIG applying as well?
I heartily endorse the applicants membership request and appreciate
their work. Hooray for ARM \o/
So... if this works for Hyperscale, we could potentially discuss with
other Fedora developers about having Fedora itself be represented in
linux-distros. Something to bring up at Flock! There's already some
discussion of this in the Fedora Security Matrix room w.r.t. last week's
OpenSSH CVE.
Best regards,
