Vote: yes. Aside: Thanks for assembling a good list of initial members.
-Doug

On 02/28/2018 11:13 AM, mark.reinh...@oracle.com wrote:
> (This is a call for votes, but only from members of the Governing Board.)
>
> I hereby propose the creation of the Vulnerability Group, with Andrew
> Gross as the initial Lead.
>
> This Group will be a secure, private forum in which trusted members of
> the OpenJDK Community can receive reports of vulnerabilities in OpenJDK
> code bases, review them, collaborate on fixing them, and coordinate the
> release of such fixes.
>
> This Group will be unusual in several respects, due to the sensitive
> nature of its work: Membership will be more selective, there will be a
> strict communication policy, and members (or their employers) will need
> to sign a non-disclosure and license agreement. These requirements do,
> strictly speaking, violate the OpenJDK Bylaws. Per our past discussions,
> however, I trust that Governing Board members will approve the creation
> of the Group with these exceptional requirements.
>
> The detailed proposal for the Group is here:
>
> http://cr.openjdk.java.net/~mr/ojvg/
>
> The non-disclosure and license agreement (NDLA) is here:
>
> http://cr.openjdk.java.net/~mr/ojvg/ojvg-ndla-2018-01-30.pdf
>
> The proposed initial Lead of the Vulnerability Group is Andrew Gross,
> who leads Oracle's internal Java Vulnerability Team. Andrew has over 25
> years experience in computer security including discovering and fixing
> vulnerabilities, performing forensic analyses, tracking intruders, and
> assisting government and law enforcement. He holds a Ph.D. in electrical
> engineering from the University of California at San Diego.
>
> The suggested list of initial Group Members is:
>
>   Martin Balao (Red Hat)
>   Aaron Bedra
>   Tasha Carl
>   Paul Cheeseman (IBM)
>   John Coomes (Twitter)
>   Andrew Gross (Oracle)
>   Andrew Haley (Red Hat)
>   Frances Ho (Oracle)
>   Paul Hohensee (Amazon)
>   Andrew Hughes (Red Hat)
>   Bernd Mathiske (Amazon)
>   Ramki Ramakrishna (Twitter)
>   Mark Reinhold (Oracle)
>   Simon Ritter (Azul)
>   Volker Simonis (SAP)
>   Gil Tene (Azul)
>   Dalibor Topic (Oracle)
>   Jesper Wilhelmsson (Oracle)
>
> (Organizational affiliations are not normally relevant when proposing a
> new Group; they are shown here to demonstrate that a broad cross-section
> of downstream maintainers will be represented.)
>
> Only current Governing Board Members [1] are eligible to vote on this
> motion. Votes must be cast in the open by replying to this mailing list.
>
> Votes are due in two weeks, by 23:00 UTC on Wednesday, 14 March [2].
>
> For Simple Majority voting instructions, see [3].
>
> - Mark
>
>
> [1] http://openjdk.java.net/census#gb
> [2] https://time.is/2300_14_Mar_2018_in_UTC/GMT/EST/PST?OJVG_votes_due
> [3] http://openjdk.java.net/groups/#new-group-vote