4 3

[alpine-devel] Alpine Linux project management

Ilya Strelkin
Details
Message ID
<be249ad40903090551p564a9fb0h77333d68db0cc72a@mail.gmail.com>
Sender timestamp
1236603070
DKIM signature
missing
Download raw message
Dear Natanael!

I am interested to volunteer in that area.
Perhaps, we may have
   - security alert mailing list
   - wiki-like system for security alert log and related recommendations,
tasks and code/packages updates references

Iljya






> Security manager
> ================
> This role means following security lists and figure out what things
> affects us. then take the neccessary steps to make sure those bugs are
> fixed and make annoucements etc. I think we would need a security
> mailing list and some kind of bug database. This roel does not really
> require any coding skills either, but it requires interest for security
> issues, bugs etc.
>
>
Natanael Copa
Details
Message ID
<1236691631.28727.24.camel@nc>
In-Reply-To
<be249ad40903090551p564a9fb0h77333d68db0cc72a@mail.gmail.com> (view parent)
Sender timestamp
1236691631
DKIM signature
missing
Download raw message
On Mon, 2009-03-09 at 15:51 +0300, Ilya Strelkin wrote:
> Dear Natanael!
> 
> I am interested to volunteer in that area.

ok. nice!

> Perhaps, we may have 
>    - security alert mailing list

Any sugguestion to the name of such mailing list? we currently only have
alpine-devel.

>    - wiki-like system for security alert log and related
> recommendations, tasks and code/packages updates references

Do you have any suggestions what wiki (or other system) we can use for
this?

To me it sounds more like a news site or similar. The wiki idea is that
anybody can modify contents and i doubt we want security alerts be
modified by anonymous.

This should probably be integrated with the bugtracker (whatever we end
up with).

> 
> Iljya
> 
> 
> 
> 
> 
>  
>         Security manager
>         ================
>         This role means following security lists and figure out what
>         things
>         affects us. then take the neccessary steps to make sure those
>         bugs are
>         fixed and make annoucements etc. I think we would need a
>         security
>         mailing list and some kind of bug database. This roel does not
>         really
>         require any coding skills either, but it requires interest for
>         security
>         issues, bugs etc.
>         
> 
> 
> 



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Ilya Strelkin
Details
Message ID
<be249ad40903110335k7a8776a6y73e1ddb3e65324de@mail.gmail.com>
In-Reply-To
<1236691631.28727.24.camel@nc> (view parent)
Sender timestamp
1236767742
DKIM signature
missing
Download raw message
> Any sugguestion to the name of such mailing list? we currently only have
> alpine-devel.


alpine-security[-alert]@lists.alpinelinux.org

or since "alpine" word is already in then just

security-alerts@lists.alpinelinux.org
security-advisory@lists.alpinelinux.org
security-notifications@lists.alpinelinux.org


> >    - wiki-like system for security alert log and related
> > recommendations, tasks and code/packages updates references
>
> Do you have any suggestions what wiki (or other system) we can use for
> this?


1. Sputnik  - LUA based - simple but yet powerful, inlcudes bugtracker (
http://spu.tnik.org)
2. TikiWiki - includes Forums, Blogs, Image Gallery, Bug tracker
3. MediaWiki - it is well known and feature rich system

Also there are several good CMS, but they ussually require heavy web
technologies..


> To me it sounds more like a news site or similar. The wiki idea is that
> anybody can modify contents and i doubt we want security alerts be
> modified by anonymous.


You are right, although wiki systems have "open" nature but proper ACL
solves problem. The idea is the ability to modify content easy but securely!


>
> This should probably be integrated with the bugtracker (whatever we end
> up with).


yes. Sputnik or TikiWiki have intergated BugTracker.


Iljya
Natanael Copa
Details
Message ID
<1236798934.7611.21.camel@ncopa-laptop>
In-Reply-To
<be249ad40903110335k7a8776a6y73e1ddb3e65324de@mail.gmail.com> (view parent)
Sender timestamp
1236798934
DKIM signature
missing
Download raw message
On Wed, 2009-03-11 at 13:35 +0300, Ilya Strelkin wrote:
> 
>         Any sugguestion to the name of such mailing list? we currently
>         only have
>         alpine-devel.
> 
> alpine-security[-alert]@lists.alpinelinux.org
> 
> or since "alpine" word is already in then just
> 
> security-alerts@lists.alpinelinux.org
> security-advisory@lists.alpinelinux.org
> security-notifications@lists.alpinelinux.org

I'm ok with any of those names. security-alerts is shortest so i'd go
for that.

 
>         >    - wiki-like system for security alert log and related
>         > recommendations, tasks and code/packages updates references
>         
>         
>         Do you have any suggestions what wiki (or other system) we can
>         use for
>         this?
> 
> 1. Sputnik  - LUA based - simple but yet powerful, inlcudes bugtracker
> (http://spu.tnik.org)
> 2. TikiWiki - includes Forums, Blogs, Image Gallery, Bug tracker
> 3. MediaWiki - it is well known and feature rich system 

we use mediawiki today.

> Also there are several good CMS, but they ussually require heavy web
> technologies..
>  
>         To me it sounds more like a news site or similar. The wiki
>         idea is that
>         anybody can modify contents and i doubt we want security
>         alerts be
>         modified by anonymous.
> 
> You are right, although wiki systems have "open" nature but proper ACL
> solves problem. The idea is the ability to modify content easy but
> securely!

The goal with those things are to make it clear that we take security
seriously. It should give users, decision makers trust.

What I am sceptic about with the concept wiki is that people think of it
as something you can not trust 100% since anyone can change it (even if
that is not the case ofcourse). So I think that if we say "for security
information see wiki" will give a non-trust impression, if you
understand.

I 100% agree with it must be easy to maintain and update, and it might
be a wiki. I just think we cannot make it very visible that it is a
wiki. 

> 
> 
>         
>         
>         This should probably be integrated with the bugtracker
>         (whatever we end
>         up with).
> 
> yes. Sputnik or TikiWiki have intergated BugTracker.

I think we will end up with redmine for bugtracking, which have an
integrated wiki.

We have a test here:
http://redmine.nethq.net

If you really want a wiki, do you think that wiki could work? I doubt
that we can hide that it is a wiki, but...

we could have a look at what other projects do too, i.e ubuntu, debian,
openbsd, ipcop etc.

>  
> Iljya


thanks!



---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Nathan Angelacos
Details
Message ID
<49B87B43.8030204@nothome.org>
In-Reply-To
<1236798934.7611.21.camel@ncopa-laptop> (view parent)
Sender timestamp
1236826947
DKIM signature
missing
Download raw message
Natanael Copa wrote:
> On Wed, 2009-03-11 at 13:35 +0300, Ilya Strelkin wrote:
>>         Any sugguestion to the name of such mailing list? we currently
>>         only have
>>         alpine-devel.
>>
>> alpine-security[-alert]@lists.alpinelinux.org
>>
>> or since "alpine" word is already in then just
>>
>> security-alerts@lists.alpinelinux.org
>> security-advisory@lists.alpinelinux.org
>> security-notifications@lists.alpinelinux.org
> 
> I'm ok with any of those names. security-alerts is shortest so i'd go
> for that.
> 

I'm happy to set up any mailing list with any name.  But if we are going 
for short, then:

security@lists.alpinelinux.org

Or, what if we went with the CERT theme?

cert-alerts@lists.alpinelinux.org
alpine-cert@lists.alpinelinux.org

I kinda like alpine-cert - could have its own web-page and RSS feed...

But again, no strong feelings - just a couple of thoughts


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---