More the merrier IMHO, I am +1 on you joining On 24 July 2017 at 06:04, 'Bruno P. Kinoshita' via Jenkins Developers < jenkinsci-dev@googlegroups.com> wrote:
> Hi Oleg, > > I had seen the security advisory, and in the Wiki and GitHub I can see > some progress made to fix some of the 5 issues. > > But I think the maintainer is the only one with access to read and comment > in the SECURITY-XXX tickets. > > At least that's what I recall from when I worked on an SECURITY issue. My > intention was to check the progress of tickets, see if there was a patch > somewhere to be tested, or a discussion going on. And then try to help > scriptler and any other plugin I use/used or that is a dependency in one of > the plugins I use. > > But I can wait till the maintainer has made further progress on the > issues. I will re-read the description of the security issues with more > calm over the next days, check latest code and try to liaise directly with > the maintainer if I have a patch. > > Cheers > Bruno > > > Sent from Yahoo Mail on Android > <https://overview.mail.yahoo.com/mobile/?.src=Android> > > On Tue, 25 Jul 2017 at 0:06, Oleg Nenashev > <o.v.nenas...@gmail.com> wrote: > Hi Bruno, > > Generally I am +1 with this request. Having more people is definitely > useful. > > OTOH you probably do not need to be a member of the Security team if you > *just* want to fix Scriptler. It's vulnerabilities are publicly listed in > this advisory: https://jenkins.io/security/advisory/2017-04-10/ . > Regarding plugins maintained by active contributors, we usually assign > security issues to them. In all other cases like core fixes, yes it makes > sense to join the security team. > > Best regards, > Oleg > > суббота, 22 июля 2017 г., 12:38:12 UTC+3 пользователь kinow написал: > > Hi, > > I would like to request to be added to the Jenkins Security Team. My main > interest is in helping to fix issues in any dependency of the plug-ins I > maintain, as well as in the core. Right now Scriptler is a plug-in I would > like to try and see if I could help, as it is blocking > active-choices-plugin. > > GitHub with 2FA enabled: kinow > CLA: https://github.com/jenkinsci/ infra-cla/pull/48 > <https://github.com/jenkinsci/infra-cla/pull/48> > FreeNode user: kinow > > Thank you > Bruno > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-dev/20d20e3c-a222-4d53-8309-3dd6daee74a0% > 40googlegroups.com > <https://groups.google.com/d/msgid/jenkinsci-dev/20d20e3c-a222-4d53-8309-3dd6daee74a0%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to jenkinsci-dev+unsubscr...@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/jenkinsci-dev/614930702.4539161.1500901468492%40mail.yahoo.com > <https://groups.google.com/d/msgid/jenkinsci-dev/614930702.4539161.1500901468492%40mail.yahoo.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CA%2BnPnMynB%2B%3D0afMpt9q_SDa%2BENAChyiR7OepuQ72BkMH%3Dsu4LQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
