Re: [oniro-dev] Security tooling meeting minutes June 29th, 2022
Hello,
On Friday, 15 July 2022 14:58:24 CEST Marta Rybczynska wrote:
> Hello all,
> Sending to a wider audience my notes from a security tooling meeting.
>
> Present: Agustín Benito Bethencourt, Mikael Barbero, Sebastien Heurtematte,
> Marta Rybczynska
>
> Short term (needed before Oniro Goofy release end of 2022):
> * Security bugtracker
> Oniro needs a confidential bugtracker with a limited audience. We might have
> embargoed issues that are on a need-to-know basis until the embargo ends. This
> might be highly sensitive and affect devices in the field. Currently in
> GitLab confidential issues are visible for everyone with Reporter rights
> and above, so in practice for everyone. For this reason we can't use the
> regular Oniro project issues for this bugtracker. A solution is to create a
> separate project with a committer list including only the security team.
>
> Next steps (Agustin, could you confirm please?) - Marta to write a proposal
> (a project proposal?)
I have the draft you created in my inbox. Let me give it one last review and
come back to you.
>
> * Private forks
> Working on security issues might require private forks to share code between
> developers working on the issue, ask a domain expert for advice etc. Commit
> messages might include sensitive information here - will be cleaned up
> before submitting the final public patch. This development also happens
> during the embargo period (see above). The goal is to always release the
> patch, but the intermediate state might be sensitive (in timing and code).
>
> Next steps: an IT ticket?
Yes please, at help desk.
Link: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues?sort=priority&state=opened
Please link the ticket https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/293
to the ticket you create.
<snip>
Best Regards
--
Agustin Benito Bethencourt
Oniro Program Manager | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration