Mail archive

Re: [alpine-devel] Teams and organisation (WAS: Fw: Improving cross-distribution security)

From: Natanael Copa <>
Date: Thu, 14 Mar 2019 17:11:31 +0100

On Fri, 1 Mar 2019 21:19:01 -0500
Chloe Kudryavtsev <> wrote:

> > My personal opinion is that we need a team of (at least semi-)dedicated people
> > on a Security SIG to first and foremost:
> > - Maintain a security advisory program as a service for Alpine users.
> > - Make sure we are properly tracking and patching new vulnerabilities, both
> > through open-source intelligence and information sharing with other
> > distributions.
> >
> > [1]:
> I disagree with your outlined approach, for various reasons.
> After a discussion over on IRC, we agreed on a more general team-based
> management approach.
> Please find the resulting draft proposal here[1].
> We also both agreed that something along these lines must be done, for
> many reasons.
> Kaniini has also expressed preemptive support in #alpine-devel.
> Hopefully, a deeper and more detailed discussion will take place (likely
> over IRC) within the next few days.
> [1]:

This has been suggested before. Wilcox had some good points and

And we need this badly. We are not lacking volunteers, but problem is
that I have become in a position that everything blocks on me. I want
fix that.

What would be the simplest way to get this started? We already have a
semi-team for infra, with Carlo as team lead.

We could probably also get a docs team running immediately, with Chloe
as team lead.

That would be a good start I think.



Received on Thu Mar 14 2019 - 17:11:31 UTC