Re: [alpine-devel] Fw: Improving cross-distribution security

From: Chloe Kudryavtsev <toast_at_toastin.space>
Date: Fri, 1 Mar 2019 21:19:01 -0500

On 3/1/2019 7:45 PM, Daniel Isaksen wrote:
> This is a great initiative, and we really need to get Working Groups (WGs) /
> Special Interest Groups (SIGs) formally set up. A while ago, I created a draft
> document[1] describing how to create and operate them. If you strongly
> disapprove of Google, email me, and I can return you a PDF copy.
>
> So, I'll be short: what do you, the Alpine developers, think of this proposal?
> Could any of you help me with said document? I am on the (somewhat loosely
> defined) 'infrastructure team', so I will be able to help out with the technical
> aspect.
>
> My personal opinion is that we need a team of (at least semi-)dedicated people
> on a Security SIG to first and foremost:
> - Maintain a security advisory program as a service for Alpine users.
> - Make sure we are properly tracking and patching new vulnerabilities, both
> through open-source intelligence and information sharing with other
> distributions.
>
> [1]: https://docs.google.com/document/d/1TIGk24yLdoAC-JAH7IQzCAkxzX_YocUiHVbeSt-WZsk/edit?usp=sharing

I disagree with your outlined approach, for various reasons.
After a discussion over on IRC, we agreed on a more general team-based
management approach.
Please find the resulting draft proposal here[1].

We also both agreed that something along these lines must be done, for
many reasons.
Kaniini has also expressed preemptive support in #alpine-devel.

Hopefully, a deeper and more detailed discussion will take place (likely
over IRC) within the next few days.

[1]: https://p.toastin.space/F7MDfw?asciidoc


Received on Fri Mar 01 2019 - 21:19:01 UTC