Date: Thu, 14 Mar 2019 17:11:31 +0100
From: Natanael Copa
To: Chloe Kudryavtsev
Cc: alpine-devel@lists.alpinelinux.org, Daniel Isaksen
Subject: Re: [alpine-devel] Teams and organisation (WAS: Fw: Improving cross-distribution security)

On Fri, 1 Mar 2019 21:19:01 -0500
Chloe Kudryavtsev wrote:

> > My personal opinion is that we need a team of (at least semi-)dedicated people
> > on a Security SIG to first and foremost:
> > - Maintain a security advisory program as a service for Alpine users.
> > - Make sure we are properly tracking and patching new vulnerabilities, both
> >   through open-source intelligence and information sharing with other
> >   distributions.
> >
> > [1]: https://docs.google.com/document/d/1TIGk24yLdoAC-JAH7IQzCAkxzX_YocUiHVbeSt-WZsk/edit?usp=sharing
>
> I disagree with your outlined approach, for various reasons.
> After a discussion over on IRC, we agreed on a more general team-based
> management approach.
> Please find the resulting draft proposal here[1].
>
> We also both agreed that something along these lines must be done, for
> many reasons.
> Kaniini has also expressed preemptive support in #alpine-devel.
>
> Hopefully, a deeper and more detailed discussion will take place (likely
> over IRC) within the next few days.
>
> [1]: https://p.toastin.space/F7MDfw?asciidoc

This has been suggested before. Wilcox had some good points and
suggestions[1].

And we need this badly. We are not lacking volunteers, but the problem is
that I have ended up in a position where everything blocks on me. I want
to fix that.

What would be the simplest way to get this started?

We already have a semi-team for infra, with Carlo as team lead. We could
probably also get a docs team running immediately, with Chloe as team
lead. That would be a good start, I think.

[1]: http://lists.alpinelinux.org/alpine-devel/5811.html
[2]: http://lists.alpinelinux.org/alpine-devel/6215.html

-nc