Security gnome org handling


We discussed the handling of security g o emails yesterday at the
Board meeting.

The main part of the handling would be passing on the e-mail data from
the sender to the maintainers of the application affected, as well as
making sure that vendor-sec and distributions are aware of the issues.

Would the release-team be comfortable dealing with those e-mails, and
the communications that it involves? Given that the problems are
code-related, rather than process-related, it seems that the release
team is a better fit for the task.

The amount of e-mails is minimal, and every now and then, you might
receive e-mails that do not fit with "GNOME Code" related problems,
which might need to be passed on to the sysadmin team (removal of
sensitive data from mail archives, security problems with parts of the
GNOME infrastructure, etc.).

Let us (the Board) know what you think. The job should be fairly small
overall, but it would help the Board focus on its goals, rather than
trying to micro-manage the project.

