Re: [eclipse.org-architecture-council] Update the EDP to include a Proje

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team

From: "Sohn, Matthias" <matthias.sohn@xxxxxxx>
Date: Thu, 30 May 2024 21:27:11 +0000
Accept-language: en-US
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=sap.com; dmarc=pass action=none header.from=sap.com; dkim=pass header.d=sap.com; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Syp1PH3MHA693OGoAKUe/toGzw4YuqYgr73/KY3ypnc=; b=eQvXeiizA6sxpOi6Rijr6iLNvEchZrKLLwojJ/o3z57+fkx9bb7kaTh51Tv8HaWJP3KONOzkl0bsade5FA/BPWcB/jmhwKumIsoOng4xKDWgAG+4HXK6YfVlqWnUh/bCRAjzNrd77SL8OTi9z4dUsn3JAcFl2oR9esgw267eHOBr5rVZ16L75GtVrjm42oWIKSkddkQdyvEyU7MhbBOrD5nTSs2R03t8aOZmAvNyq8st6uwhQ2lUksEU3UG7CkWEKEJNAwlDvLBE+FIDFYMB/wGYPdCcgJLYUWEJ4jxwz32ga4fLmCgs4NgVhNQha3vxI+Ni/9fDoTEheDJRnv8Amg==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DnvzO2KUeNhdnLQR2qjU+8iFtQPSweN/1WQEuurrGMpUDdMTf58oYFmalE/fl3X7HZd9SNxWj1Nb0NFsfwRWK7edGWY7Vr8oCNfuxefWy7zyxhZl1wvplhQQIs2v7a/xauqoJYO8Pb5Eu8Djk2pTa2Xdhu3YBot1No27TkhjzfYqZpuMlfIFdJG85jj2t65u9BuIsaHriYlKQ2Sc2Wz1JVHkAzuHnZR8h4UVRbQf8V5wCO8MLzeabFi/xP0F7QcWRzE6BO1KVdYciMQMps7sV0zkP4louP8KjAUq3FB7c9uo/RgyidNjiId4BhR6QJqycd/VBjMnAKecM3iQFqzRUw==
Delivered-to: eclipse.org-architecture-council@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/eclipse.org-architecture-council/>
List-help: <mailto:eclipse.org-architecture-council-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/eclipse.org-architecture-council>, <mailto:eclipse.org-architecture-council-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/eclipse.org-architecture-council>, <mailto:eclipse.org-architecture-council-request@eclipse.org?subject=unsubscribe>
Thread-index: AQHastTGcj1I2Bsqs0mkRLqkHsS127GwSFWE
Thread-topic: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team

What is the intention to allow non-committer members as members of the Project Security Team ?

This seems to contradict the default where membership in the Project Security Team is automatically revoked when Committer status is revoked.

From: eclipse.org-architecture-council <eclipse.org-architecture-council-bounces@xxxxxxxxxxx> on behalf of Wayne Beaton via eclipse.org-architecture-council <eclipse.org-architecture-council@xxxxxxxxxxx>
Date: Thursday, 30. May 2024 at 23:03
To: eclipse.org-architecture-council <eclipse.org-architecture-council@xxxxxxxxxxx>
Cc: Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team

Greetings Eclipse Architecture Council.

The Security team has requested a change to the Eclipse Foundation Development Process to help us better manage security issues. The changes introduce a new role/team: the Project Security Team.

I've uploaded a diff document that highlights the suggested changes.

https://www.eclipse.org/projects/dev_process/development_process_1.12/diff.php

The date is bogus. Despite what the highlights suggest, none of the images have changed.

We seek your input.

I will be on vacation and mostly out of contact for the next two weeks, but Mikael Barbero, our Head of Security, is a member of the Architecture Council and should be able to respond to your questions and concerns.

The changes are primarily concerned with the means by which a Project Security Team is established and governed. The duties of the team are defined by the Eclipse Security Policy and all discussion of duties are deferred to that document.

One thing that the changes do not currently consider is the potential establishment of a Project Security Team as part of the proposal/project creation process. We'll address that in a future version.

We'd like to get this to the Board of Directors for their approval in their June meeting. Our deadline to provide materials is June 11. We'll need to resolve any feedback and concerns by then.

You can discuss this on this channel/thread, or open issues against the repository.

https://gitlab.eclipse.org/eclipse/vhant/development-process

Thanks for your attention in this matter.

Wayne

Wayne Beaton

Director of Open Source Projects | Eclipse Foundation

My working day may not be your working day! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.

Follow-Ups:
- Re: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team
  - From: Jesse McConnell

References:
- [eclipse.org-architecture-council] Update the EDP to include a Project Security Team
  - From: Wayne Beaton

Prev by Date: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team
Next by Date: Re: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team
Previous by thread: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team
Next by thread: Re: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team
Index(es):
- Date
- Thread

Breadcrumbs