Dear Natanael!
I am interested to volunteer in that area.
Perhaps, we may have
- security alert mailing list
- wiki-like system for security alert log and related recommendations,
tasks and code/packages updates references
Iljya
> Security manager> ================> This role means following security lists and figure out what things> affects us. then take the neccessary steps to make sure those bugs are> fixed and make annoucements etc. I think we would need a security> mailing list and some kind of bug database. This roel does not really> require any coding skills either, but it requires interest for security> issues, bugs etc.>>
On Mon, 2009-03-09 at 15:51 +0300, Ilya Strelkin wrote:
> Dear Natanael!> > I am interested to volunteer in that area.
ok. nice!
> Perhaps, we may have > - security alert mailing list
Any sugguestion to the name of such mailing list? we currently only have
alpine-devel.
> - wiki-like system for security alert log and related> recommendations, tasks and code/packages updates references
Do you have any suggestions what wiki (or other system) we can use for
this?
To me it sounds more like a news site or similar. The wiki idea is that
anybody can modify contents and i doubt we want security alerts be
modified by anonymous.
This should probably be integrated with the bugtracker (whatever we end
up with).
> > Iljya> > > > > > > Security manager> ================> This role means following security lists and figure out what> things> affects us. then take the neccessary steps to make sure those> bugs are> fixed and make annoucements etc. I think we would need a> security> mailing list and some kind of bug database. This roel does not> really> require any coding skills either, but it requires interest for> security> issues, bugs etc.> > > >
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---
> Any sugguestion to the name of such mailing list? we currently only have> alpine-devel.alpine-security[-alert]@lists.alpinelinux.org
or since "alpine" word is already in then just
security-alerts@lists.alpinelinux.orgsecurity-advisory@lists.alpinelinux.orgsecurity-notifications@lists.alpinelinux.org> > - wiki-like system for security alert log and related> > recommendations, tasks and code/packages updates references>> Do you have any suggestions what wiki (or other system) we can use for> this?
1. Sputnik - LUA based - simple but yet powerful, inlcudes bugtracker (
http://spu.tnik.org)
2. TikiWiki - includes Forums, Blogs, Image Gallery, Bug tracker
3. MediaWiki - it is well known and feature rich system
Also there are several good CMS, but they ussually require heavy web
technologies..
> To me it sounds more like a news site or similar. The wiki idea is that> anybody can modify contents and i doubt we want security alerts be> modified by anonymous.
You are right, although wiki systems have "open" nature but proper ACL
solves problem. The idea is the ability to modify content easy but securely!
>> This should probably be integrated with the bugtracker (whatever we end> up with).
yes. Sputnik or TikiWiki have intergated BugTracker.
Iljya
On Wed, 2009-03-11 at 13:35 +0300, Ilya Strelkin wrote:
> > Any sugguestion to the name of such mailing list? we currently> only have> alpine-devel.> > alpine-security[-alert]@lists.alpinelinux.org> > or since "alpine" word is already in then just> > security-alerts@lists.alpinelinux.org> security-advisory@lists.alpinelinux.org> security-notifications@lists.alpinelinux.org
I'm ok with any of those names. security-alerts is shortest so i'd go
for that.
> > - wiki-like system for security alert log and related> > recommendations, tasks and code/packages updates references> > > Do you have any suggestions what wiki (or other system) we can> use for> this?> > 1. Sputnik - LUA based - simple but yet powerful, inlcudes bugtracker> (http://spu.tnik.org)> 2. TikiWiki - includes Forums, Blogs, Image Gallery, Bug tracker> 3. MediaWiki - it is well known and feature rich system
we use mediawiki today.
> Also there are several good CMS, but they ussually require heavy web> technologies..> > To me it sounds more like a news site or similar. The wiki> idea is that> anybody can modify contents and i doubt we want security> alerts be> modified by anonymous.> > You are right, although wiki systems have "open" nature but proper ACL> solves problem. The idea is the ability to modify content easy but> securely!
The goal with those things are to make it clear that we take security
seriously. It should give users, decision makers trust.
What I am sceptic about with the concept wiki is that people think of it
as something you can not trust 100% since anyone can change it (even if
that is not the case ofcourse). So I think that if we say "for security
information see wiki" will give a non-trust impression, if you
understand.
I 100% agree with it must be easy to maintain and update, and it might
be a wiki. I just think we cannot make it very visible that it is a
wiki.
> > > > > This should probably be integrated with the bugtracker> (whatever we end> up with).> > yes. Sputnik or TikiWiki have intergated BugTracker.
I think we will end up with redmine for bugtracking, which have an
integrated wiki.
We have a test here:
http://redmine.nethq.net
If you really want a wiki, do you think that wiki could work? I doubt
that we can hide that it is a wiki, but...
we could have a look at what other projects do too, i.e ubuntu, debian,
openbsd, ipcop etc.
> > Iljya
thanks!
---
Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org
Help: alpine-devel+help@lists.alpinelinux.org
---