Re: [oniro-dev] Security tooling meeting minutes June 29th, 2022

Hello,

On Thursday, 21 July 2022 09:58:31 CEST Amit Kucheria wrote:
> Hi Agustin,
> 
> Can we please add these tasks to the IT services plan[1] so they can be
> tracked in a single place for all of Oniro.

These tasks are not restricted to Oniro but to the entire EF. It will require 
changes in our existing policies. The IT plan at Oniro is restricted to our 
project.

So once it is clear within the EF how to proceed and what activities will be 
done for Oniro, they will become part of the IT plan.

> 
> I've also had requests to have priorities and completion estimates added to
> that document. Could you please do that too?


Next week I expect to have that document completed, after discussing 
internally at EF last week about this topic in our face to face meeting.

> 
> Regards,
> Amit
> 
> [1]
> https://gitlab.eclipse.org/eclipse-wg/oniro-wg/products-services-oniro-wg/it-services-oniro-wg/coordination-it-services-oniro-wg/-/blob/main/oniro-it-services-plan.md
> > -----Original Message-----
> > From: oniro-dev [mailto:oniro-dev-bounces@xxxxxxxxxxx] On Behalf Of
> > Agustín Benito Bethencourt
> > Sent: 21 July 2022 12:58
> > To: oniro-dev@xxxxxxxxxxx
> > Subject: Re: [oniro-dev] Security tooling meeting minutes June 29th, 2022
> > 
> > Hello,
> > 
> > On Friday, 15 July 2022 14:58:24 CEST Marta Rybczynska wrote:
> > > Hello all,
> > > Sending to a wider audience my notes from a security tooling meeting.
> > > 
> > > Present: Agustín Benito Bethencourt, Mikael Barbero, Sebastien
> > > Heurtematte, Marta Rybczynska
> > > 
> > > Short term (needed before Oniro Goofy release end of 2022):
> > > * Security bugtracker
> > > Oniro needs a confidential bugtracker with limited audience. We might
> > > have embargoed issues that are on a need-to-know basis until the embargo
> > > ends. This might be highly sensitive and affects devices in the field.
> > > Currently in GitLab confidential issues are visible for everyone with
> > > Reporter rights and above, so in practice for everyone. For this
> > > reason we can't use the regular Oniro project issues for this
> > > bugtracker. A solution is to create a separate project with a committer
> > > list including only the security team.
> > 
> > > Next steps (Agustin, could you confirm please?) - Marta to write a
> > > proposal (a project proposal?)
> > 
> > I have the draft you created in my inbox. Let me give it one last review
> > and come back to you.
> > 
> > > * Private forks
> > > Working on security issues might require private forks to share code
> > > between developers working on the issue, ask a domain expert for
> > > advice etc. Commit messages might include sensitive information here -
> > > will be cleaned up before submitting the final public patch. This
> > > development also happens during the embargo period (see above). The
> > > goal is to always release the patch, but the intermediate state might be
> > > sensitive (in timing and code).
> > 
> > > Next steps: an IT ticket?
> > 
> > Yes please, at help desk.
> > 
> > Link: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues?sort=priority&state=opened
> > 
> > Please link it to the ticket
> > https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/293 to that
> > ticket you create.
> > 
> > <snip>
> > 
> > Best Regards
> > 
> > 
> > --
> > Agustin Benito Bethencourt
> > Oniro Program Manager | Eclipse Foundation
> > Eclipse Foundation: The Community for Open Innovation and Collaboration
> > 

Best Regards
-- 
Agustin Benito Bethencourt
Oniro Program Manager | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration
