More the merrier IMHO, I am +1 on you joining On 24 July 2017 at 06:04, 'Bruno P. Kinoshita' via Jenkins Developers < [email protected]> wrote:
> Hi Oleg, > > I had seen the security advisory, and in the Wiki and GitHub I can see > some progress made to fix some of the 5 issues. > > But I think the maintainer is the only one with access to read and comment > in the SECURITY-XXX tickets. > > At least that's what I recall from when I worked on an SECURITY issue. My > intention was to check the progress of tickets, see if there was a patch > somewhere to be tested, or a discussion going on. And then try to help > scriptler and any other plugin I use/used or that is a dependency in one of > the plugins I use. > > But I can wait till the maintainer has made further progress on the > issues. I will re-read the description of the security issues with more > calm over the next days, check latest code and try to liaise directly with > the maintainer if I have a patch. > > Cheers > Bruno > > > Sent from Yahoo Mail on Android > <https://overview.mail.yahoo.com/mobile/?.src=Android> > > On Tue, 25 Jul 2017 at 0:06, Oleg Nenashev > <[email protected]> wrote: > Hi Bruno, > > Generally I am +1 with this request. Having more people is definitely > useful. > > OTOH you probably do not need to be a member of the Security team if you > *just* want to fix Scriptler. It's vulnerabilities are publicly listed in > this advisory: https://jenkins.io/security/advisory/2017-04-10/ . > Regarding plugins maintained by active contributors, we usually assign > security issues to them. In all other cases like core fixes, yes it makes > sense to join the security team. > > Best regards, > Oleg > > суббота, 22 июля 2017 г., 12:38:12 UTC+3 пользователь kinow написал: > > Hi, > > I would like to request to be added to the Jenkins Security Team. My main > interest is in helping to fix issues in any dependency of the plug-ins I > maintain, as well as in the core. Right now Scriptler is a plug-in I would > like to try and see if I could help, as it is blocking > active-choices-plugin. > > GitHub with 2FA enabled: kinow > CLA: https://github.com/jenkinsci/ infra-cla/pull/48 > <https://github.com/jenkinsci/infra-cla/pull/48> > FreeNode user: kinow > > Thank you > Bruno > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-dev/20d20e3c-a222-4d53-8309-3dd6daee74a0% > 40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/20d20e3c-a222-4d53-8309-3dd6daee74a0%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-dev/614930702.4539161.1500901468492%40mail.yahoo.com > <https://groups.google.com/d/msgid/jenkinsci-dev/614930702.4539161.1500901468492%40mail.yahoo.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CA%2BnPnMynB%2B%3D0afMpt9q_SDa%2BENAChyiR7OepuQ72BkMH%3Dsu4LQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
