Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread Vladimír Čunát 
On 12/07/2016 12:52 PM, Graham Christensen wrote:
> That is also why I didn't suggest vcunat and others. 

I wouldn't mind being on the team indeed... (as Rob beautifully put it)
but I can't promise to sustain putting a significant amount of work into
it - which doesn't mean I won't - I'm just unable to predict that and I
tend to over-commit myself in general.

Me officially (not) being part of the team probably won't affect much my
participation on solving the security issues, whatever that membership
turns out to mean exactly.

BTW, all the people mentioned so far do qualify IMO (including @nbp).

--Vladimir




smime.p7s
Description: S/MIME Cryptographic Signature
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread Thomas Hunger 
+1 to all - thanks for putting in the effort & energy!

On 7 December 2016 at 11:52, Graham Christensen  wrote:

> Rob Vermaas  writes:
>
> >
> > I am fine with any of the nominees mentioned. But I am sure there
> > might be others that are willing and able to help (as mentioned, e.g.
> > nbp), we should make sure we are open to accepting help of such
> > people, and make sure they do not feel left out.
> >
>
> Yes indeed! I thought about nbp, but noted that he didn't specifically
> mention interest in that thread. That is also why I didn't suggest
> vcunat and others.
>
> If someone is interested, please do speak up!
>
> Graham
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread Graham Christensen 
Rob Vermaas  writes:

>
> I am fine with any of the nominees mentioned. But I am sure there
> might be others that are willing and able to help (as mentioned, e.g.
> nbp), we should make sure we are open to accepting help of such
> people, and make sure they do not feel left out.
>

Yes indeed! I thought about nbp, but noted that he didn't specifically
mention interest in that thread. That is also why I didn't suggest
vcunat and others. 

If someone is interested, please do speak up!

Graham
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread Rob Vermaas 
Hi Graham,

Thanks for leading the effort of setting this up.

> For Eelco and Rob Vermaas (not listed above,) I don't think they need
> nominating, and will be on the team if they want. (I'm assuming they'll
> want.)

I wouldn't mind being on the team indeed.

> Eelco, Rob: what do _you_ think?

I am fine with any of the nominees mentioned. But I am sure there
might be others that are willing and able to help (as mentioned, e.g.
nbp), we should make sure we are open to accepting help of such
people, and make sure they do not feel left out.

-- 
Rob Vermaas

[email] rob.verm...@gmail.com
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread zimbatm 
+1, thanks for organising this

On Wed, 7 Dec 2016, 08:02 Lancelot SIX,  wrote:

> Big +1 for me for all of the no nominees.
>
> BR
> Lancelot
>
> On 07/12/2016 04:40, Jonn Mostovoy wrote:
> > My 2c: nbp certainly should be nominated ;)
> >
> > Regarding the proposal — it has to happen sooner or later anyway, and
> > if someone is willing to start it now, +1!
> > —
> > Kindest regards,
> > ¬Σ
> >
> >
> > On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen 
> wrote:
> >> Hello again Nix Users,
> >>
> >> I was talking with Domen the other day on IRC about starting the NixOS
> >> Security Team. We agreed we should run it by the mailing list first and
> >> gets some feedback.
> >>
> >> Members of this team would:
> >>
> >>  - send out security announcements to our new mailing list[0]
> >>  - have their GPG fingerprints on the public website so the
> >>announcements can be verified
> >>  - potentially receive private security disclosures about the Nix
> >>ecosystem
> >>  - (hopefully) help with weekly security roundups and bug fixing
> >>
> >> Long term, they are likely to be initial candidates for when we're
> >> seeking membership to the oss-security's "distros" list[1], and perhaps
> >> more direct involvement in security roadmap issues[2].
> >>
> >> I think it is important that the members of this project have a history
> >> of interest in NixOS's security, and a general history of contributions
> >> to the project.
> >>
> >> I nominate the following people:
> >>
> >>  - myself obviously, Graham Christensen (grahamc)
> >>  - Daniel Peebles (copumpkin)
> >>  - Domen Kožar (domenkozar)
> >>  - Franz Pletz (fpletz)
> >>
> >> For Daniel and Domen, they are both fairly ( ;) ) respectable members of
> >> the community, have a long history of involvement, and both directly
> >> expressed interest on the thread about the "distros" mailing list[1].
> >>
> >> For me, well, I think my initiative, consistency, and history speaks for
> >> itself[6,7]. (I also expressed interest in that same "distros"
> >> thread.[3])
> >>
> >> For Franz, he is an incredibly consistent partner in the security
> >> roundups, and whose efforts I based the roundups process on.
> >>
> >> For Eelco and Rob Vermaas (not listed above,) I don't think they need
> >> nominating, and will be on the team if they want. (I'm assuming they'll
> >> want.)
> >>
> >> I haven't asked Daniel, Domen, or Franz if they would like to be
> >> members, so this is obviously pending their acceptance, and the approval
> >> of the community.
> >>
> >> Daniel, Domen, Franz, and Community: what do you think? A simple "+1"
> >> would be helpful, even if you have no further feedback.
> >>
> >> Eelco, Rob: what do _you_ think?
> >>
> >> Thank you,
> >> Graham Christensen
> >>
> >> 0:
> http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html
> >> 1: https://github.com/NixOS/nixpkgs/issues/14819
> >> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290
> >> 3: Note that I originally did express interest, but deleted my comments
> >> after [4] because peti was right. See: [5]
> >> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422
> >> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937
> >> 6:
> https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93
> >> 7: https://github.com/NixOS/security
> >> ___
> >> nix-dev mailing list
> >> nix-dev@lists.science.uu.nl
> >> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> > ___
> > nix-dev mailing list
> > nix-dev@lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixOS Security Team

2016-12-07 Thread Lancelot SIX 
Big +1 for me for all of the no nominees.

BR
Lancelot

On 07/12/2016 04:40, Jonn Mostovoy wrote:
> My 2c: nbp certainly should be nominated ;)
>
> Regarding the proposal — it has to happen sooner or later anyway, and
> if someone is willing to start it now, +1!
> —
> Kindest regards,
> ¬Σ
>
>
> On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen  wrote:
>> Hello again Nix Users,
>>
>> I was talking with Domen the other day on IRC about starting the NixOS
>> Security Team. We agreed we should run it by the mailing list first and
>> gets some feedback.
>>
>> Members of this team would:
>>
>>  - send out security announcements to our new mailing list[0]
>>  - have their GPG fingerprints on the public website so the
>>announcements can be verified
>>  - potentially receive private security disclosures about the Nix
>>ecosystem
>>  - (hopefully) help with weekly security roundups and bug fixing
>>
>> Long term, they are likely to be initial candidates for when we're
>> seeking membership to the oss-security's "distros" list[1], and perhaps
>> more direct involvement in security roadmap issues[2].
>>
>> I think it is important that the members of this project have a history
>> of interest in NixOS's security, and a general history of contributions
>> to the project.
>>
>> I nominate the following people:
>>
>>  - myself obviously, Graham Christensen (grahamc)
>>  - Daniel Peebles (copumpkin)
>>  - Domen Kožar (domenkozar)
>>  - Franz Pletz (fpletz)
>>
>> For Daniel and Domen, they are both fairly ( ;) ) respectable members of
>> the community, have a long history of involvement, and both directly
>> expressed interest on the thread about the "distros" mailing list[1].
>>
>> For me, well, I think my initiative, consistency, and history speaks for
>> itself[6,7]. (I also expressed interest in that same "distros"
>> thread.[3])
>>
>> For Franz, he is an incredibly consistent partner in the security
>> roundups, and whose efforts I based the roundups process on.
>>
>> For Eelco and Rob Vermaas (not listed above,) I don't think they need
>> nominating, and will be on the team if they want. (I'm assuming they'll
>> want.)
>>
>> I haven't asked Daniel, Domen, or Franz if they would like to be
>> members, so this is obviously pending their acceptance, and the approval
>> of the community.
>>
>> Daniel, Domen, Franz, and Community: what do you think? A simple "+1"
>> would be helpful, even if you have no further feedback.
>>
>> Eelco, Rob: what do _you_ think?
>>
>> Thank you,
>> Graham Christensen
>>
>> 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html
>> 1: https://github.com/NixOS/nixpkgs/issues/14819
>> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290
>> 3: Note that I originally did express interest, but deleted my comments
>> after [4] because peti was right. See: [5]
>> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422
>> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937
>> 6: 
>> https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93
>> 7: https://github.com/NixOS/security
>> ___
>> nix-dev mailing list
>> nix-dev@lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev

___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] NixOS Security Team

2016-12-06 Thread Jonn Mostovoy 
My 2c: nbp certainly should be nominated ;)

Regarding the proposal — it has to happen sooner or later anyway, and
if someone is willing to start it now, +1!
—
Kindest regards,
¬Σ


On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen  wrote:
>
> Hello again Nix Users,
>
> I was talking with Domen the other day on IRC about starting the NixOS
> Security Team. We agreed we should run it by the mailing list first and
> gets some feedback.
>
> Members of this team would:
>
>  - send out security announcements to our new mailing list[0]
>  - have their GPG fingerprints on the public website so the
>announcements can be verified
>  - potentially receive private security disclosures about the Nix
>ecosystem
>  - (hopefully) help with weekly security roundups and bug fixing
>
> Long term, they are likely to be initial candidates for when we're
> seeking membership to the oss-security's "distros" list[1], and perhaps
> more direct involvement in security roadmap issues[2].
>
> I think it is important that the members of this project have a history
> of interest in NixOS's security, and a general history of contributions
> to the project.
>
> I nominate the following people:
>
>  - myself obviously, Graham Christensen (grahamc)
>  - Daniel Peebles (copumpkin)
>  - Domen Kožar (domenkozar)
>  - Franz Pletz (fpletz)
>
> For Daniel and Domen, they are both fairly ( ;) ) respectable members of
> the community, have a long history of involvement, and both directly
> expressed interest on the thread about the "distros" mailing list[1].
>
> For me, well, I think my initiative, consistency, and history speaks for
> itself[6,7]. (I also expressed interest in that same "distros"
> thread.[3])
>
> For Franz, he is an incredibly consistent partner in the security
> roundups, and whose efforts I based the roundups process on.
>
> For Eelco and Rob Vermaas (not listed above,) I don't think they need
> nominating, and will be on the team if they want. (I'm assuming they'll
> want.)
>
> I haven't asked Daniel, Domen, or Franz if they would like to be
> members, so this is obviously pending their acceptance, and the approval
> of the community.
>
> Daniel, Domen, Franz, and Community: what do you think? A simple "+1"
> would be helpful, even if you have no further feedback.
>
> Eelco, Rob: what do _you_ think?
>
> Thank you,
> Graham Christensen
>
> 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html
> 1: https://github.com/NixOS/nixpkgs/issues/14819
> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290
> 3: Note that I originally did express interest, but deleted my comments
> after [4] because peti was right. See: [5]
> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422
> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937
> 6: 
> https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93
> 7: https://github.com/NixOS/security
> ___
> nix-dev mailing list
> nix-dev@lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

[Nix-dev] NixOS Security Team

2016-12-06 Thread Graham Christensen 

Hello again Nix Users,

I was talking with Domen the other day on IRC about starting the NixOS
Security Team. We agreed we should run it by the mailing list first and
gets some feedback.

Members of this team would:

 - send out security announcements to our new mailing list[0]
 - have their GPG fingerprints on the public website so the
   announcements can be verified
 - potentially receive private security disclosures about the Nix
   ecosystem
 - (hopefully) help with weekly security roundups and bug fixing

Long term, they are likely to be initial candidates for when we're
seeking membership to the oss-security's "distros" list[1], and perhaps
more direct involvement in security roadmap issues[2].

I think it is important that the members of this project have a history
of interest in NixOS's security, and a general history of contributions
to the project.

I nominate the following people:

 - myself obviously, Graham Christensen (grahamc)
 - Daniel Peebles (copumpkin)
 - Domen Kožar (domenkozar)
 - Franz Pletz (fpletz)

For Daniel and Domen, they are both fairly ( ;) ) respectable members of
the community, have a long history of involvement, and both directly
expressed interest on the thread about the "distros" mailing list[1].

For me, well, I think my initiative, consistency, and history speaks for
itself[6,7]. (I also expressed interest in that same "distros"
thread.[3])

For Franz, he is an incredibly consistent partner in the security
roundups, and whose efforts I based the roundups process on.

For Eelco and Rob Vermaas (not listed above,) I don't think they need
nominating, and will be on the team if they want. (I'm assuming they'll
want.)

I haven't asked Daniel, Domen, or Franz if they would like to be
members, so this is obviously pending their acceptance, and the approval
of the community.

Daniel, Domen, Franz, and Community: what do you think? A simple "+1"
would be helpful, even if you have no further feedback.

Eelco, Rob: what do _you_ think?

Thank you,
Graham Christensen

0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html
1: https://github.com/NixOS/nixpkgs/issues/14819
2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290
3: Note that I originally did express interest, but deleted my comments
after [4] because peti was right. See: [5]
4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422
5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937
6: 
https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93
7: https://github.com/NixOS/security
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev