Re: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team

What is the intention to allow non-committer members as members of the Project Security Team?


This would include any of the Eclipse Security team, wouldn't it? Or are they a part of this by being at Eclipse regardless, and these non-committer members would be part of a company-sponsored project by having their security team be on this new team as well?
 

This seems to contradict the default where membership in the Project Security Team is automatically revoked when Committer status is revoked.


This is a good point. I wonder if the policy should include a yearly re-vote for non-committer members to reassure committers that they are still actively engaged. This is unlikely to ever be a factor in our project, but based on other experience, I could see it being an issue.

cheers,
Jesse

 

 

From: eclipse.org-architecture-council <eclipse.org-architecture-council-bounces@xxxxxxxxxxx> on behalf of Wayne Beaton via eclipse.org-architecture-council <eclipse.org-architecture-council@xxxxxxxxxxx>
Date: Thursday, 30. May 2024 at 23:03
To: eclipse.org-architecture-council <eclipse.org-architecture-council@xxxxxxxxxxx>
Cc: Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [eclipse.org-architecture-council] Update the EDP to include a Project Security Team

Greetings Eclipse Architecture Council.

 

The Security team has requested a change to the Eclipse Foundation Development Process to help us better manage security issues. The changes introduce a new role/team: the Project Security Team.

 

I've uploaded a diff document that highlights the suggested changes.

 

 

The date is bogus. Despite what the highlights suggest, none of the images have changed.

 

We seek your input.

 

I will be on vacation and mostly out of contact for the next two weeks, but Mikael Barbero, our Head of Security, is a member of the Architecture Council and should be able to respond to your questions and concerns.

 

The changes are primarily concerned with the means by which a Project Security Team is established and governed. The duties of the team are defined by the Eclipse Security Policy and all discussion of duties is deferred to that document.

 

One thing that the changes do not currently consider is the potential establishment of a Project Security Team as part of the proposal/project creation process. We'll address that in a future version.

 

We'd like to get this to the Board of Directors for their approval in their June meeting. Our deadline to provide materials is June 11. We'll need to resolve any feedback and concerns by then.

 

You can discuss this on this channel/thread, or open issues against the repository.

 

 

Thanks for your attention in this matter.

 

Wayne


--

Wayne Beaton

Director of Open Source Projects | Eclipse Foundation



My working day may not be your working day! Please don’t feel obliged to read or reply to this e-mail outside of your normal working hours.
