Hi Oleg, I had seen the security advisory, and in the Wiki and GitHub I can see some progress made to fix some of the 5 issues. But I think the maintainer is the only one with access to read and comment in the SECURITY-XXX tickets. At least that's what I recall from when I worked on an SECURITY issue. My intention was to check the progress of tickets, see if there was a patch somewhere to be tested, or a discussion going on. And then try to help scriptler and any other plugin I use/used or that is a dependency in one of the plugins I use. But I can wait till the maintainer has made further progress on the issues. I will re-read the description of the security issues with more calm over the next days, check latest code and try to liaise directly with the maintainer if I have a patch. CheersBruno
Sent from Yahoo Mail on Android On Tue, 25 Jul 2017 at 0:06, Oleg Nenashev<[email protected]> wrote: Hi Bruno, Generally I am +1 with this request. Having more people is definitely useful. OTOH you probably do not need to be a member of the Security team if you just want to fix Scriptler. It's vulnerabilities are publicly listed in this advisory: https://jenkins.io/security/advisory/2017-04-10/ . Regarding plugins maintained by active contributors, we usually assign security issues to them. In all other cases like core fixes, yes it makes sense to join the security team. Best regards, Oleg суббота, 22 июля 2017 г., 12:38:12 UTC+3 пользователь kinow написал: Hi, I would like to request to be added to the Jenkins Security Team. My main interest is in helping to fix issues in any dependency of the plug-ins I maintain, as well as in the core. Right now Scriptler is a plug-in I would like to try and see if I could help, as it is blocking active-choices-plugin. GitHub with 2FA enabled: kinowCLA: https://github.com/jenkinsci/ infra-cla/pull/48FreeNode user: kinow Thank youBruno -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/20d20e3c-a222-4d53-8309-3dd6daee74a0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/614930702.4539161.1500901468492%40mail.yahoo.com. For more options, visit https://groups.google.com/d/optout.
