... | ... | @@ -4,7 +4,7 @@ |
|
|
* Proposed-by: Nick
|
|
|
* Facilitator: ~~Micah~~
|
|
|
* Who: Developers, admins, anybody who fixes security issues
|
|
|
* Note taker:
|
|
|
* Note taker: GeKo and others
|
|
|
* Duration: 1 hour
|
|
|
* Description: The network team uses a set of security policies to decide how to classify and respond to security issues, and a simple registry to keep track of them. This helps with transparency and visibility into our security process. Who else would like to adopt this kind of practice, and how might we want to adapt it?
|
|
|
* Links: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/SecurityPolicy https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
|
... | ... | @@ -73,4 +73,4 @@ |
|
|
- retire schleuder security list for sec bug reporting
|
|
|
- consensus for looking at TROVE process for other teams/whole project, getting specific gitlab project going for that for tickets to coordinate that discussion (maybe @rhatto can help with that) (repository opening first week after the meeting week, having this finalized at least by the end of 2022)
|
|
|
- getting anon-reporting/lobby tools maintained
|
|
|
- for further ideas, discussions around this problem, see the [security issue intake process ticket](https://gitlab.torproject.org/tpo/team/-/issues/73 "Security issue intake process") as well |
|
|
\ No newline at end of file |
|
|
- for further ideas, discussions around this problem, see the [security issue intake process ticket](https://gitlab.torproject.org/tpo/team/-/issues/73 "Security issue intake process") as well |