Request to participate in C.E.R.T.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Request to participate in C.E.R.T.

Antonio Manuel Muñiz Martín-2
Hello,

I think I could help fixing/testing/reviewing Jenkins (core or plugins) security patches. I'm participating in more plugins over the time (even becoming maintainer in some of them) and I'd like to beware (and help fixing) security issues.

According to the guidelines in the Jenkins CERT team wiki page I've submitted my ICLA:

    Name: Antonio Muñiz
    CLA: ICLA / CCLA submitted but not merged - https://github.com/jenkinsci/infra-cla/pull/32
    Company: CloudBees
    GitHub ID: amuniz
    Jenkins ID: amuniz
    E-mail: [hidden email]

--
* Antonio Manuel Muñiz
* amunizmartin.com
* [hidden email]

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CACpar95ChEh-7p%2BZy%3D8RHA_4PbAfFrTLG2ZiqAX5gkKSUe0OGQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Request to participate in C.E.R.T.

Daniel Beck
Hi Antonio,

I put your request on the agenda for the next project meeting.

Note that we can already give you access to select issues in plugins you're maintaining. This is something we recently started doing. If you don't have a SECURITY issue assigned, that's probably a good sign…
https://wiki.jenkins-ci.org/display/SECURITY/SECURITY+issues+in+plugins

Daniel

> On 15.04.2016, at 13:26, Antonio Manuel Muñiz Martín <[hidden email]> wrote:
>
> Hello,
>
> I think I could help fixing/testing/reviewing Jenkins (core or plugins) security patches. I'm participating in more plugins over the time (even becoming maintainer in some of them) and I'd like to beware (and help fixing) security issues.
>
> According to the guidelines in the Jenkins CERT team wiki page I've submitted my ICLA:
>
>     Name: Antonio Muñiz
>     CLA: ICLA / CCLA submitted but not merged - https://github.com/jenkinsci/infra-cla/pull/32
>     Company: CloudBees
>     GitHub ID: amuniz
>     Jenkins ID: amuniz
>     E-mail: [hidden email]
>
> --
> * Antonio Manuel Muñiz
> * amunizmartin.com
> * [hidden email]
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CACpar95ChEh-7p%2BZy%3D8RHA_4PbAfFrTLG2ZiqAX5gkKSUe0OGQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/A540B5BC-7A49-42E3-B61F-563F1F44F78F%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Request to participate in C.E.R.T.

Oliver Gondža-2
On 04/15/2016 01:55 PM, Daniel Beck wrote:
> Hi Antonio,
>
> I put your request on the agenda for the next project meeting.

Do we really need to fill the agenda with tasks like this? How about
several people giving thumbs up/down here to approve asynchronously and
discuss only if there is not consensus? Anyway, here is my +1.

--
oliver

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/5710E163.4080708%40gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Request to participate in C.E.R.T.

Baptiste MATHUS
Oliver, I think it somehow *has* to be this way due to governance model of Jenkins. 

And as Stephen phrased it, the IRC meeting should preferably be only a rubber stamping event on things already discussed and preferably (mostly?) agreed on. 
On such a subject even more possibly, I guess I would feel uncomfortable if that is only known and discussed during the meeting. (also because that meeting is not evenly easy to attend to the community members depending on many things like personal lives/organization, TZ, and so on).

So, +1 from also on the question. So that the subject can actually be tackled quicklier during the gov meeting.

My 2 cents

-- Baptiste




2016-04-15 12:41 GMT+00:00 Oliver Gondža <[hidden email]>:
On 04/15/2016 01:55 PM, Daniel Beck wrote:
Hi Antonio,

I put your request on the agenda for the next project meeting.

Do we really need to fill the agenda with tasks like this? How about several people giving thumbs up/down here to approve asynchronously and discuss only if there is not consensus? Anyway, here is my +1.

--
oliver

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/5710E163.4080708%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS7mtCsYcddP0Z8k0PJBVET22WqqgxX5Eu5Q7Npna2Uw8w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Request to participate in C.E.R.T.

Kohsuke Kawaguchi
Administrator
As a part of the authority given to the security team lead, it is my understanding that it is up to Daniel to decide how to enroll new people to the CERT team. As the document describes, that structure is built precisely so that every decision doesn't have to go through the project meeting.

That said, since it is Daniel who's asking this to be on the agenda, and I agree with both Oliver and Baptise that having +1 here would streamline the meeting, here's my +1 too FWIW.


On Fri, Apr 15, 2016 at 6:26 AM Baptiste Mathus <[hidden email]> wrote:
Oliver, I think it somehow *has* to be this way due to governance model of Jenkins. 

And as Stephen phrased it, the IRC meeting should preferably be only a rubber stamping event on things already discussed and preferably (mostly?) agreed on. 
On such a subject even more possibly, I guess I would feel uncomfortable if that is only known and discussed during the meeting. (also because that meeting is not evenly easy to attend to the community members depending on many things like personal lives/organization, TZ, and so on).

So, +1 from also on the question. So that the subject can actually be tackled quicklier during the gov meeting.

My 2 cents

-- Baptiste




2016-04-15 12:41 GMT+00:00 Oliver Gondža <[hidden email]>:
On 04/15/2016 01:55 PM, Daniel Beck wrote:
Hi Antonio,

I put your request on the agenda for the next project meeting.

Do we really need to fill the agenda with tasks like this? How about several people giving thumbs up/down here to approve asynchronously and discuss only if there is not consensus? Anyway, here is my +1.

--
oliver

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/5710E163.4080708%40gmail.com.

For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS7mtCsYcddP0Z8k0PJBVET22WqqgxX5Eu5Q7Npna2Uw8w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAN4CQ4w%3DA2%3DvhVjOYx6sZ6A0QTAk%3DuvBySTFdp87uQJE9GOGrA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Request to participate in C.E.R.T.

Daniel Beck
In reply to this post by Daniel Beck

> On 15.04.2016, at 13:55, Daniel Beck <[hidden email]> wrote:
>
> I put your request on the agenda for the next project meeting.

This request is approved.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/90032857-7109-4AAB-A124-55BE5F92E63E%40beckweb.net.
For more options, visit https://groups.google.com/d/optout.