Re: [oniro-dev] [oniro-wg] Oniro security process update
We have this ticket to track down the topic https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/1709
We also have this discussed as part of the initiative for revising vulnerability reporting practices. An RFC has been published here https://docs.google.com/document/d/1Cv9PIpzVVhKOSLJP1Qc9RTorvhEDkCcuY3F8-Z8jNnQ/edit#
Feel free to comment on the ticket or the document.
Thanks!
Mikaël Barbero
Head of Security | Eclipse Foundation 🐦 @mikbarbero
On 17 Nov 2022, at 14:07, Mikael Barbero <mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx> wrote:
On 17 Nov 2022, at 13:25, Agustín Benito Bethencourt <agustin.benito@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello Marta and Mikael,
On Wednesday, 16 November 2022 07:09:30 CET Marta Rybczynska wrote:
Thank you Andrei.
It means that we have Andrei and me as candidates. We should have a vote now. Agustin, do we have a way to create a custom vote, or we just use the mailing list?
I understand this is a purely technical topic so the team should be selected among developers. I assume then that PMC is a good place to deal with this topic.
So removing oniro-wg from the thread.
@Mikael, maybe we should consult this specific point with EMO. I assume they would like to go a process that can be extensible to any project. If yes, should I open a ticket to EMO or would you?
Maybe we can think of the figure of the security coordinator. Given how security in open source works, you might need somebody empowered to represent the project in this topic outside EF. Maybe the project lead could be another option. This figure would also help EF to have ambassadors within the projects to promote good practices. Also a group of subject matter experts the EF security team can work with on a more regular basis.
Kind regards,
Marta
On Fri, 4 Nov 2022 at 18:16, Andrei Gherzan <andrei.gherzan@xxxxxxxxxx> wrote:
Hi Marta,
I’m happy to help with the security efforts as needed. I’ve also added some small comments in the mentioned merge request.
Regards,
Andrei
From: oniro-wg [mailto:oniro-wg-bounces@xxxxxxxxxxx] On Behalf Of Marta Rybczynska
Sent: 03 November 2022 09:38
To: onirocore developer discussions <oniro-dev@xxxxxxxxxxx>; Oniro Working Group <oniro-wg@xxxxxxxxxxx>; mikael.barbero@xxxxxxxxxxxxxxxxxxxxxx
Subject: [oniro-wg] Oniro security process update
Dear all,
With the setup of the private bugtracker, there are some updates to make in our security processes. Here is the related merge request:
https://gitlab.eclipse.org/eclipse/oniro-core/docs/-/merge_requests/34
This is also a good moment to set up the security team. When we've made a call for volunteers some time ago, we had: Pavel Z, Nat, Bero and me. With the changes in the project it makes sense in my opinion to launch another call. Who would like to take part in the security team?
Please note that we have decided to have at least two people.
Kind regards,
Marta
Best Regards
--
Agustin Benito Bethencourt
Oniro Program Manager | Eclipse Foundation
Eclipse Foundation: The Community for Open Innovation and Collaboration
Attachment: signature.asc
Description: Message signed with OpenPGP