Re: [oniro-dev] Security tooling meeting minutes June 29th, 2022
Hi Agustin,
Can we please add these tasks to the IT services plan[1] so they can be tracked in a single place for all of Oniro?
I've also had requests to have priorities and completion estimates added to that document. Could you please do that too?
Regards,
Amit
[1] https://gitlab.eclipse.org/eclipse-wg/oniro-wg/products-services-oniro-wg/it-services-oniro-wg/coordination-it-services-oniro-wg/-/blob/main/oniro-it-services-plan.md
> -----Original Message-----
> From: oniro-dev [mailto:oniro-dev-bounces@xxxxxxxxxxx] On Behalf Of
> Agustín Benito Bethencourt
> Sent: 21 July 2022 12:58
> To: oniro-dev@xxxxxxxxxxx
> Subject: Re: [oniro-dev] Security tooling meeting minutes June 29th, 2022
>
> Hello,
>
> On Friday, 15 July 2022 14:58:24 CEST Marta Rybczynska wrote:
> > Hello all,
> > Sending to a wider audience my notes from a security tooling meeting.
> >
> > Present: Agustín Benito Bethencourt, Mikael Barbero, Sebastien
> > Heurtematte, Marta Rybczynska
> >
> > Short term (needed before Oniro Goofy release end of 2022):
> > * Security bugtracker
> > Oniro needs a confidential bugtracker with a limited audience. We might
> > have embargoed issues that are on a need-to-know basis until the embargo
> > ends. This might be highly sensitive and affect devices in the field.
> > Currently in GitLab confidential issues are visible for everyone with
> > Reporter rights and above, so in practice for everyone. For this
> > reason we can't use the regular Oniro project issues for this
> > bugtracker. A solution is to create a separate project with a committer list
> > including only the security team.
> >
> > Next steps (Agustin, could you confirm please?) - Marta to write a
> > proposal (a project proposal?)
>
> I have the draft you created in my inbox. Let me give it one last review and
> come back to you.
>
> >
> > * Private forks
> > Working on security issues might require private forks to share code
> > between developers working on the issue, ask a domain expert for
> > advice etc. Commit messages might include sensitive information here -
> > will be cleaned up before submitting the final public patch. This
> > development also happens during the embargo period (see above). The
> > goal is to always release the patch, but the intermediate state might be
> > sensitive (in timing and code).
> >
> > Next steps: an IT ticket?
>
> Yes please, at help desk.
>
> Link: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues?sort=priority&state=opened
>
> Please link it to the ticket https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/293
> to that ticket you create.
>
> <snip>
>
> Best Regards
>
>
> --
> Agustin Benito Bethencourt
> Oniro Program Manager | Eclipse Foundation
> Eclipse Foundation: The Community for Open Innovation and Collaboration