The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Rackspace spins up OpenStack Foundation

The company has told a small number of OpenStackers, via a confidential email seen byThe Reg, that it is in the process of creating the OpenStack Foundation and will hand over the OpenStacktrademarks and copyrightsto the group. The OpenStack Foundation will go live in 2012.

Trademarks and copyrights for the Apache-licensed OpenStack project are currently owned, administered and enforced by OpenStack LLC, a subsidiary of Rackspace.

The email by Jonathan Bryce, chief technology officer and founder of Rackspace's cloud subsidiary Mosso and OpenStack project policy board chairman did not give a reason why the company is apparently relinquishing control of these assets.

But speaking toThe Reg, Bryce said Rackspace felt the time is right to create a permanent, vendor-neutral and independent home for OpenStack.

The existing OpenStack project policy board, the process of electing individuals to that board, and the project lead structure will remain in place and won't be changed with the new Foundation.

Rackspace will take feedback on what the community wants, but Bryce said Rackspace doesn't want change for the sake of change.

He said the Foundation is significant, though, because the trademarks are the only big piece of IP that exist around OpenStack because the code lives under an Apache licence.

Rackspace president for cloud and chief strategy officer Lew Moorman, who unveiled the OpenStack project at OSCON in 2010, will announce the OpenStack Foundation at the OpenStack design summit and conference underway in Boston, Massachusetts, on Thursday.

The hosting firm will use the conference to take feedback on the Foundation's structure starting with an hour-longgovernance sessionon Thursday afternoon.

Who controls the trademarks and copyrights of open-source projects is a sensitive subject. It speaks volumes about who is in charge, whether a project can actually be considered free and in the hands of individual members.

Oracle refused to relinquish control over the trademark and copyrights of the OpenOffice project last year leading to a fork and the creation of the independent LibreOffice. The database giant also sought similar control over the Hudson build management system in a clumsy land grab that saw almost all Hudson contributors walk out and set up the rival Jenkins project.

Rackspace has taken considerable flack for exerting too much control over the management structure of the project running OpenStack; it will be willing to avoid stumbling down the same path as Oracle on a project it has staked so much on.

The OpenStack Foundation comes as Red Hat has spun up the Aeolus cloud project and positioned it as OpenStack "done right": Aeolus is a management tool being built to work with different clouds, rather than providing yet another cloud option as OpenStack is doing. Also: Red Hat's goal is to attract code contributions from across a broad community, rather than a few very active participants as has happened at OpenStack.

Red Hat was invited by Rackspace to join OpenStack in the project's early days but the Linux outfit turned it down because the governance model didn't allow for contributions that would have suited its customers, and that the project was controlled too tightly by one vendor: Rackspace.

Bryce denied that the creation of the Foundation is a response to Red Hat, saying it had been part of the project's original objective.

Mark Collier, Rackspace vice president of marketing and business development, said that while Rackspace was seen to be doing the right thing among OpenStackers with regard to the project, control of the trademark was a concern.

"It is a concern that people have raised based on the behavior of other companies," he said. "Just the potential for abuse would make people nervous. We felt this was not something that was unsolvable it could be solved through a Foundation."

While Rackspace is apparently attempting to loosen things up, it has emailed a select number of people about the Foundation's genesis, and there's therefore a risk that people will accuse the company of once again determining what's right for OpenStack.

Bryce emailed just 13 individuals about Rackspace's plans. Making the cut were Rackspacers developing the OpenStack code for his company; some members of the OpenStack project policy board; OpenStack project leads ofSwift,Nova computeand Glance; plus OpenStack leaders at Hewlett-Packard and Citrix Systems and two OpenStack start-ups.

In his email, Bryce had asked recipients to keep news of the Foundation quiet until Moorman's announcement on Thursday so as not to distract, he said, from discussions at the event over features in next version of OpenStack codenamed Essex and expected in the second quarter of 2012.

Bryce had said in his email: "We have quite a few ideas about structure and operation, but mainly we want to announce the intention and then flesh out the plans and implementation together with the rest of the community."

Ongoing discussion is planned to take place after the Essex summit and conference.

Source: http://www.theregister.co.uk/

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015