Hello again Nix Users, I was talking with Domen the other day on IRC about starting the NixOS Security Team. We agreed we should run it by the mailing list first and gets some feedback.
Members of this team would: - send out security announcements to our new mailing list[0] - have their GPG fingerprints on the public website so the announcements can be verified - potentially receive private security disclosures about the Nix ecosystem - (hopefully) help with weekly security roundups and bug fixing Long term, they are likely to be initial candidates for when we're seeking membership to the oss-security's "distros" list[1], and perhaps more direct involvement in security roadmap issues[2]. I think it is important that the members of this project have a history of interest in NixOS's security, and a general history of contributions to the project. I nominate the following people: - myself obviously, Graham Christensen (grahamc) - Daniel Peebles (copumpkin) - Domen Kožar (domenkozar) - Franz Pletz (fpletz) For Daniel and Domen, they are both fairly ( ;) ) respectable members of the community, have a long history of involvement, and both directly expressed interest on the thread about the "distros" mailing list[1]. For me, well, I think my initiative, consistency, and history speaks for itself[6,7]. (I also expressed interest in that same "distros" thread.[3]) For Franz, he is an incredibly consistent partner in the security roundups, and whose efforts I based the roundups process on. For Eelco and Rob Vermaas (not listed above,) I don't think they need nominating, and will be on the team if they want. (I'm assuming they'll want.) I haven't asked Daniel, Domen, or Franz if they would like to be members, so this is obviously pending their acceptance, and the approval of the community. Daniel, Domen, Franz, and Community: what do you think? A simple "+1" would be helpful, even if you have no further feedback. Eelco, Rob: what do _you_ think? Thank you, Graham Christensen 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html 1: https://github.com/NixOS/nixpkgs/issues/14819 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290 3: Note that I originally did express interest, but deleted my comments after [4] because peti was right. See: [5] 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937 6: https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc&type=Issues&utf8=%E2%9C%93 7: https://github.com/NixOS/security _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
