Re: [Nix-dev] NixOS Security Team
On 12/07/2016 12:52 PM, Graham Christensen wrote: > That is also why I didn't suggest vcunat and others. I wouldn't mind being on the team indeed... (as Rob beautifully put it) but I can't promise to sustain putting a significant amount of work into it - which doesn't mean I won't - I'm just unable to predict that and I tend to over-commit myself in general. Me officially (not) being part of the team probably won't affect much my participation on solving the security issues, whatever that membership turns out to mean exactly. BTW, all the people mentioned so far do qualify IMO (including @nbp). --Vladimir smime.p7s Description: S/MIME Cryptographic Signature ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS Security Team
+1 to all - thanks for putting in the effort & energy! On 7 December 2016 at 11:52, Graham Christensenwrote: > Rob Vermaas writes: > > > > > I am fine with any of the nominees mentioned. But I am sure there > > might be others that are willing and able to help (as mentioned, e.g. > > nbp), we should make sure we are open to accepting help of such > > people, and make sure they do not feel left out. > > > > Yes indeed! I thought about nbp, but noted that he didn't specifically > mention interest in that thread. That is also why I didn't suggest > vcunat and others. > > If someone is interested, please do speak up! > > Graham > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS Security Team
Rob Vermaaswrites: > > I am fine with any of the nominees mentioned. But I am sure there > might be others that are willing and able to help (as mentioned, e.g. > nbp), we should make sure we are open to accepting help of such > people, and make sure they do not feel left out. > Yes indeed! I thought about nbp, but noted that he didn't specifically mention interest in that thread. That is also why I didn't suggest vcunat and others. If someone is interested, please do speak up! Graham ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS Security Team
Hi Graham, Thanks for leading the effort of setting this up. > For Eelco and Rob Vermaas (not listed above,) I don't think they need > nominating, and will be on the team if they want. (I'm assuming they'll > want.) I wouldn't mind being on the team indeed. > Eelco, Rob: what do _you_ think? I am fine with any of the nominees mentioned. But I am sure there might be others that are willing and able to help (as mentioned, e.g. nbp), we should make sure we are open to accepting help of such people, and make sure they do not feel left out. -- Rob Vermaas [email] rob.verm...@gmail.com ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS Security Team
+1, thanks for organising this On Wed, 7 Dec 2016, 08:02 Lancelot SIX,wrote: > Big +1 for me for all of the no nominees. > > BR > Lancelot > > On 07/12/2016 04:40, Jonn Mostovoy wrote: > > My 2c: nbp certainly should be nominated ;) > > > > Regarding the proposal — it has to happen sooner or later anyway, and > > if someone is willing to start it now, +1! > > — > > Kindest regards, > > ¬Σ > > > > > > On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen > wrote: > >> Hello again Nix Users, > >> > >> I was talking with Domen the other day on IRC about starting the NixOS > >> Security Team. We agreed we should run it by the mailing list first and > >> gets some feedback. > >> > >> Members of this team would: > >> > >> - send out security announcements to our new mailing list[0] > >> - have their GPG fingerprints on the public website so the > >>announcements can be verified > >> - potentially receive private security disclosures about the Nix > >>ecosystem > >> - (hopefully) help with weekly security roundups and bug fixing > >> > >> Long term, they are likely to be initial candidates for when we're > >> seeking membership to the oss-security's "distros" list[1], and perhaps > >> more direct involvement in security roadmap issues[2]. > >> > >> I think it is important that the members of this project have a history > >> of interest in NixOS's security, and a general history of contributions > >> to the project. > >> > >> I nominate the following people: > >> > >> - myself obviously, Graham Christensen (grahamc) > >> - Daniel Peebles (copumpkin) > >> - Domen Kožar (domenkozar) > >> - Franz Pletz (fpletz) > >> > >> For Daniel and Domen, they are both fairly ( ;) ) respectable members of > >> the community, have a long history of involvement, and both directly > >> expressed interest on the thread about the "distros" mailing list[1]. > >> > >> For me, well, I think my initiative, consistency, and history speaks for > >> itself[6,7]. (I also expressed interest in that same "distros" > >> thread.[3]) > >> > >> For Franz, he is an incredibly consistent partner in the security > >> roundups, and whose efforts I based the roundups process on. > >> > >> For Eelco and Rob Vermaas (not listed above,) I don't think they need > >> nominating, and will be on the team if they want. (I'm assuming they'll > >> want.) > >> > >> I haven't asked Daniel, Domen, or Franz if they would like to be > >> members, so this is obviously pending their acceptance, and the approval > >> of the community. > >> > >> Daniel, Domen, Franz, and Community: what do you think? A simple "+1" > >> would be helpful, even if you have no further feedback. > >> > >> Eelco, Rob: what do _you_ think? > >> > >> Thank you, > >> Graham Christensen > >> > >> 0: > http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html > >> 1: https://github.com/NixOS/nixpkgs/issues/14819 > >> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290 > >> 3: Note that I originally did express interest, but deleted my comments > >> after [4] because peti was right. See: [5] > >> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422 > >> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937 > >> 6: > https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93 > >> 7: https://github.com/NixOS/security > >> ___ > >> nix-dev mailing list > >> nix-dev@lists.science.uu.nl > >> http://lists.science.uu.nl/mailman/listinfo/nix-dev > > ___ > > nix-dev mailing list > > nix-dev@lists.science.uu.nl > > http://lists.science.uu.nl/mailman/listinfo/nix-dev > > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS Security Team
Big +1 for me for all of the no nominees. BR Lancelot On 07/12/2016 04:40, Jonn Mostovoy wrote: > My 2c: nbp certainly should be nominated ;) > > Regarding the proposal — it has to happen sooner or later anyway, and > if someone is willing to start it now, +1! > — > Kindest regards, > ¬Σ > > > On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensenwrote: >> Hello again Nix Users, >> >> I was talking with Domen the other day on IRC about starting the NixOS >> Security Team. We agreed we should run it by the mailing list first and >> gets some feedback. >> >> Members of this team would: >> >> - send out security announcements to our new mailing list[0] >> - have their GPG fingerprints on the public website so the >>announcements can be verified >> - potentially receive private security disclosures about the Nix >>ecosystem >> - (hopefully) help with weekly security roundups and bug fixing >> >> Long term, they are likely to be initial candidates for when we're >> seeking membership to the oss-security's "distros" list[1], and perhaps >> more direct involvement in security roadmap issues[2]. >> >> I think it is important that the members of this project have a history >> of interest in NixOS's security, and a general history of contributions >> to the project. >> >> I nominate the following people: >> >> - myself obviously, Graham Christensen (grahamc) >> - Daniel Peebles (copumpkin) >> - Domen Kožar (domenkozar) >> - Franz Pletz (fpletz) >> >> For Daniel and Domen, they are both fairly ( ;) ) respectable members of >> the community, have a long history of involvement, and both directly >> expressed interest on the thread about the "distros" mailing list[1]. >> >> For me, well, I think my initiative, consistency, and history speaks for >> itself[6,7]. (I also expressed interest in that same "distros" >> thread.[3]) >> >> For Franz, he is an incredibly consistent partner in the security >> roundups, and whose efforts I based the roundups process on. >> >> For Eelco and Rob Vermaas (not listed above,) I don't think they need >> nominating, and will be on the team if they want. (I'm assuming they'll >> want.) >> >> I haven't asked Daniel, Domen, or Franz if they would like to be >> members, so this is obviously pending their acceptance, and the approval >> of the community. >> >> Daniel, Domen, Franz, and Community: what do you think? A simple "+1" >> would be helpful, even if you have no further feedback. >> >> Eelco, Rob: what do _you_ think? >> >> Thank you, >> Graham Christensen >> >> 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html >> 1: https://github.com/NixOS/nixpkgs/issues/14819 >> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290 >> 3: Note that I originally did express interest, but deleted my comments >> after [4] because peti was right. See: [5] >> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422 >> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937 >> 6: >> https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93 >> 7: https://github.com/NixOS/security >> ___ >> nix-dev mailing list >> nix-dev@lists.science.uu.nl >> http://lists.science.uu.nl/mailman/listinfo/nix-dev > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] NixOS Security Team
My 2c: nbp certainly should be nominated ;) Regarding the proposal — it has to happen sooner or later anyway, and if someone is willing to start it now, +1! — Kindest regards, ¬Σ On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensenwrote: > > Hello again Nix Users, > > I was talking with Domen the other day on IRC about starting the NixOS > Security Team. We agreed we should run it by the mailing list first and > gets some feedback. > > Members of this team would: > > - send out security announcements to our new mailing list[0] > - have their GPG fingerprints on the public website so the >announcements can be verified > - potentially receive private security disclosures about the Nix >ecosystem > - (hopefully) help with weekly security roundups and bug fixing > > Long term, they are likely to be initial candidates for when we're > seeking membership to the oss-security's "distros" list[1], and perhaps > more direct involvement in security roadmap issues[2]. > > I think it is important that the members of this project have a history > of interest in NixOS's security, and a general history of contributions > to the project. > > I nominate the following people: > > - myself obviously, Graham Christensen (grahamc) > - Daniel Peebles (copumpkin) > - Domen Kožar (domenkozar) > - Franz Pletz (fpletz) > > For Daniel and Domen, they are both fairly ( ;) ) respectable members of > the community, have a long history of involvement, and both directly > expressed interest on the thread about the "distros" mailing list[1]. > > For me, well, I think my initiative, consistency, and history speaks for > itself[6,7]. (I also expressed interest in that same "distros" > thread.[3]) > > For Franz, he is an incredibly consistent partner in the security > roundups, and whose efforts I based the roundups process on. > > For Eelco and Rob Vermaas (not listed above,) I don't think they need > nominating, and will be on the team if they want. (I'm assuming they'll > want.) > > I haven't asked Daniel, Domen, or Franz if they would like to be > members, so this is obviously pending their acceptance, and the approval > of the community. > > Daniel, Domen, Franz, and Community: what do you think? A simple "+1" > would be helpful, even if you have no further feedback. > > Eelco, Rob: what do _you_ think? > > Thank you, > Graham Christensen > > 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html > 1: https://github.com/NixOS/nixpkgs/issues/14819 > 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290 > 3: Note that I originally did express interest, but deleted my comments > after [4] because peti was right. See: [5] > 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422 > 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937 > 6: > https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93 > 7: https://github.com/NixOS/security > ___ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
[Nix-dev] NixOS Security Team
Hello again Nix Users, I was talking with Domen the other day on IRC about starting the NixOS Security Team. We agreed we should run it by the mailing list first and gets some feedback. Members of this team would: - send out security announcements to our new mailing list[0] - have their GPG fingerprints on the public website so the announcements can be verified - potentially receive private security disclosures about the Nix ecosystem - (hopefully) help with weekly security roundups and bug fixing Long term, they are likely to be initial candidates for when we're seeking membership to the oss-security's "distros" list[1], and perhaps more direct involvement in security roadmap issues[2]. I think it is important that the members of this project have a history of interest in NixOS's security, and a general history of contributions to the project. I nominate the following people: - myself obviously, Graham Christensen (grahamc) - Daniel Peebles (copumpkin) - Domen Kožar (domenkozar) - Franz Pletz (fpletz) For Daniel and Domen, they are both fairly ( ;) ) respectable members of the community, have a long history of involvement, and both directly expressed interest on the thread about the "distros" mailing list[1]. For me, well, I think my initiative, consistency, and history speaks for itself[6,7]. (I also expressed interest in that same "distros" thread.[3]) For Franz, he is an incredibly consistent partner in the security roundups, and whose efforts I based the roundups process on. For Eelco and Rob Vermaas (not listed above,) I don't think they need nominating, and will be on the team if they want. (I'm assuming they'll want.) I haven't asked Daniel, Domen, or Franz if they would like to be members, so this is obviously pending their acceptance, and the approval of the community. Daniel, Domen, Franz, and Community: what do you think? A simple "+1" would be helpful, even if you have no further feedback. Eelco, Rob: what do _you_ think? Thank you, Graham Christensen 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html 1: https://github.com/NixOS/nixpkgs/issues/14819 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290 3: Note that I originally did express interest, but deleted my comments after [4] because peti was right. See: [5] 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937 6: https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc=Issues=%E2%9C%93 7: https://github.com/NixOS/security ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev