Hi all,
I would be more than happy to participate and give my insight based on
my experience dealing with Symfony security issues and managing the
security advisory database
(https://github.com/FriendsOfPHP/security-advisories).
Fabien
On 26/05/2018 18:17, Michael Cullum wrote:
Hi all,
PSR-9 and PSR-10 have been quite quiet for a long time. Michael Hess
(Drupal security lead) has stepped back from being the Editor
and has asked if I could step up as Editor. The next step is to form a
working group. *This thread is an appeal for people who wish to
join the working group* so we can get the ball rolling with a
(re)-entrance vote.
What are PSR-9 and PSR-10?
---------------------------------------
*PSR-9 is about how to inform the public of security advisories* once
published by a project. The previous direction of this
PSR was particularly focused on standardising a machine-readable
advisory format but there's a possibility for enhanced scope within that area.
*PSR-10 is about security reporting process* including aspects of how to
responsibly report an issue to a project, what can
be considered reasonable response and resolution times before disclosure
by the reporter and the process of patching security issues.
You can join the working group for both or just one of two PSRs.
Who should join the Working Group?
--------------------------------------------------
We're looking for people in a few different categories:
* Security researchers
* Security leads of large projects, or in their absence (or lack of a
person in such a role), a suitably qualified person from that project
* [PSR-9] People who work on security checker tooling
* [PSR-9] Security advisory database maintainers
* Security advocates
Who is already on the Working Group?
-----------------------------------------------------
* Michael Cullum - Editor & Symfony Security Lead
* Larry Garfield - PSR-9 CC Sponsor
* Korvin Szanto - PSR-10 CC Sponsor
* Michael Hess - Drupal Security Lead
* Adam Englander
The working group are the group of people who are involved in the
creation and core discussions for creation of the specifications,
but there's very little active work required, just your opinion.
If you think you might be able to contribute and fit with one of the
above categories then please get in touch through this thread or if
you want to chat first, a private email or tweeting me
(@michaelcullumuk) is also fine!
--
Thanks,
Michael Cullum
--
You received this message because you are subscribed to the Google
Groups "PHP Framework Interoperability Group" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to php-fig+unsubscr...@googlegroups.com
<mailto:php-fig+unsubscr...@googlegroups.com>.
To post to this group, send email to php-fig@googlegroups.com
<mailto:php-fig@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/php-fig/CAAqcDMi-zm7cqAWwNWefGAvBb-j8T%3DoFrAnsTsyCd_49AJfEBQ%40mail.gmail.com
<https://groups.google.com/d/msgid/php-fig/CAAqcDMi-zm7cqAWwNWefGAvBb-j8T%3DoFrAnsTsyCd_49AJfEBQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.