Infra makes good use of the Slack huddle feature for a monthly live chat.
It is tightly integrated with the conversation thread in the related
'roundtable' channel. The ASF Board is offering 'office hours' in the same
way. Security could set such a thing up without having to spin up a
presence on a video-call site.

On Thu, Oct 10, 2024 at 9:23 AM Gary Gregory <garydgreg...@gmail.com> wrote:

> I like the idea of a video call.
>
> Gary
>
> On Thu, Oct 10, 2024 at 8:07 AM Piotr P. Karwasz <piotr.karw...@gmail.com>
> wrote:
>
> > Hi Mark,
> >
> > On Thu, 10 Oct 2024 at 11:00, Mark J. Cox <m...@apache.org> wrote:
> > > Hi Chris!  As Arnout wrote, we set up the public security-discuss list
> > > and wiki to be such a working group to capture and share some best
> > > practices among our projects.  It was the follow-up from some of the good
> > > ideas captured after the White House meetings following on from
> > > log4shell. Then, anything that we want to make a requirement, rather than a
> > > recommended practice, would feed back into the security committee to add
> > > into our existing policies. I believe that's the right place for the
> > > things you're suggesting.
> > >
> > > The list hasn't had a lot of traction, and many of the ideas and
> > > thoughts on the wiki didn't get followed up on as it didn't get a lot of
> > > interest (mostly lacking volunteers wanting to spend the time on it).  So
> > > it would be great to get some more feedback, input, and leadership from
> > > you there.
> >
> > As you remarked the list doesn't have a lot of traction and I didn't
> > see any of the subjects that were discussed there being pursued
> > further.
> >
> > Last week, together with some members of the Logging PMC and Security
> > Team, I had a video meeting with two security experts regarding the
> > quality of our SBOMs (not very high) and how to improve it and then
> > extend their usage in the ASF. I will share my conclusions about the
> > meeting on `security-discuss@community` once I get around all the
> > subjects that were discussed, but I found the overall experience of a
> > (virtual) face-to-face meeting more productive than long discussions
> > on `security-discuss@community`.
> >
> > Maybe we should have a regular Security Round Table held on a video
> > conference platform. This would allow us:
> >
> > * to communicate with the Security Team more directly,
> > * to think about security more regularly (there is a meeting, I need
> > to prepare),
> > * to have some short meeting notes that show us how fast (or slowly)
> > security awareness in the ASF is growing.
> >
> > What do you think?
> >
> > Piotr
> >
>


-- 
Andrew Wetmore
Technical Writer-Editor
Infra
*Apache Software Foundation*
andr...@apache.org
