Re: [alpine-devel] Fw: Improving cross-distribution security
On 3/1/2019 7:45 PM, Daniel Isaksen wrote:
> This is a great initiative, and we really need to get Working Groups (WGs) /
> Special Interest Groups (SIGs) formally set up. A while ago, I created a draft
> document describing how to create and operate them. If you strongly
> disapprove of Google, email me, and I can return you a PDF copy.
> So, I'll be short: what do you, the Alpine developers, think of this proposal?
> Could any of you help me with said document? I am on the (somewhat loosely
> defined) 'infrastructure team', so I will be able to help out with the technical
> My personal opinion is that we need a team of (at least semi-)dedicated people
> on a Security SIG to first and foremost:
> - Maintain a security advisory program as a service for Alpine users.
> - Make sure we are properly tracking and patching new vulnerabilities, both
> through open-source intelligence and information sharing with other
> : https://docs.google.com/document/d/1TIGk24yLdoAC-JAH7IQzCAkxzX_YocUiHVbeSt-WZsk/edit?usp=sharing
I disagree with your outlined approach, for various reasons.
After a discussion over on IRC, we agreed on a more general team-based
Please find the resulting draft proposal here.
We also both agreed that something along these lines must be done, for
Kaniini has also expressed preemptive support in #alpine-devel.
Hopefully, a deeper and more detailed discussion will take place (likely
over IRC) within the next few days.
Received on Fri Mar 01 2019 - 21:19:01 UTC