|[eclipse.org-architecture-council] [Bug 337004] New: Eclipse Security Policy and Procedures|
https://bugs.eclipse.org/bugs/show_bug.cgi?id=337004 Product/Component: Community / Architecture Council Summary: Eclipse Security Policy and Procedures Classification: Eclipse Foundation Product: Community Version: unspecified Platform: PC OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: Architecture Council AssignedTo: eclipse.org-architecture-council@xxxxxxxxxxx ReportedBy: wayne@xxxxxxxxxxx One more thing for our plate: I need to draft a security policy and procedures document, and I'd like your help. The motivation here is that we have discovered a handful of security issues across several projects. As our projects continue to diversify and find adoption in diverse areas, we expect that additional security issues will be uncovered. We at the Foundation would rather like to be prepared to deal with these issues. Of course, we need to balance this with the ever-increasing demands on project resources, so I do intend to be sensitive to that. As for a policy, the expect that our eclipse.org-wide policy will be something along the lines of "We care about security" as it is impossible for eclipse.org to implement specific policies with regard to timeliness of fixes, rebuilds, and that sort of thing. Ultimately, the response to a disclosed security issue is wholly dependent on the individual projects. In that regard, I'm thinking that we'd all be better served by a well-documented set of best practices for dealing with security issues, coupled with support processes and infrastructure where possible/sensible. To keep the scope of this bug as focussed as possible, I'd like to restrict the conversation here to that of actual policy, and I'll open subtasks/blocker bugs to cover discussion of specific procedures/best practices. -- Configure bugmail: https://bugs.eclipse.org/bugs/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
Back to the top