Greetings Eclipse Architecture Council.
The Security team has requested a change to the Eclipse Foundation Development Process to help us better manage security issues. The changes introduce a new role/team: the Project Security Team.
I've uploaded a diff document that highlights the suggested changes.
The date is bogus. Despite what the highlights suggest, none of the images have changed.
We seek your input.
I will be on vacation and mostly out of contact for the next two weeks, but Mikael Barbero, our Head of Security, is a member of the Architecture Council and should be able to respond to your questions and concerns.
The changes are primarily concerned with the means by which a Project Security Team is established and governed. The duties of the team are defined by the Eclipse Security Policy and all discussion of duties are deferred to that document.
One thing that the changes do not currently consider is the potential establishment of a Project Security Team as part of the proposal/project creation process. We'll address that in a future version.
We'd like to get this to the Board of Directors for their approval in their June meeting. Our deadline to provide materials is June 11. We'll need to resolve any feedback and concerns by then.
You can discuss this on this channel/thread, or open issues against the repository.
Thanks for your attention in this matter.
Wayne
-- Wayne Beaton
Director of Open Source Projects | Eclipse Foundation
My working day may not be your working day! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.