Re: [oniro-dev] Security tooling meeting minutes June 29th, 2022

Hello,

On Friday, 15 July 2022 14:58:24 CEST Marta Rybczynska wrote:
> Hello all,
> Sending to a wider audience my notes from a security tooling meeting.
> 
> Present: Agustín Benito Bethencourt, Mikael Barbero, Sebastien Heurtematte,
> Marta Rybczynska
> 
> Short term (needed before Oniro Goofy release end of 2022):
> * Security bugtracker
> Oniro needs a confidential bugtracker with a limited audience. We might have
> embargoed issues that are on a need-to-know basis until the embargo ends. This
> might be highly sensitive and affects devices in the field. Currently in
> GitLab confidential issues are visible for everyone with Reporter rights
> and above, so in practice for everyone. For this reason we can't use the
> regular Oniro project issues for this bugtracker. A solution is to create a
> separate project with a committer list including only the security team.
> 
> Next steps (Agustin, could you confirm please?) - Marta to write a proposal
> (a project proposal?)

I have the draft you created in my inbox. Let me give it one last review and 
come back to you.

> 
> * Private forks
> Working on security issues might require private forks to share code between
> developers working on the issue, ask a domain expert for advice etc. Commit
> messages might include sensitive information here - will be cleaned up
> before submitting the final public patch. This development also happens
> during the embargo period (see above). The goal is to always release the
> patch, but the intermediate state might be sensitive (in timing and code).
> 
> Next steps: an IT ticket?

Yes please, at help desk.

Link: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues?sort=priority&state=opened

Please link the ticket https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/293
to the ticket you create.

<snip>

Best Regards


-- 
Agustin Benito Bethencourt
Oniro Program Manager | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration




