Request to participate in C.E.R.T.

[Antonio Manuel Muñiz Martín]

Hello,

I think I could help fixing/testing/reviewing Jenkins (core or plugins) security patches. I'm participating in more plugins over the time (even becoming maintainer in some of them) and I'd like to beware (and help fixing) security issues.

According to the guidelines in the Jenkins CERT team wiki page I've submitted my ICLA:

    Name: Antonio Muñiz
    CLA: ICLA / CCLA submitted but not merged - https://github.com/jenkinsci/infra-cla/pull/32
    Company: CloudBees
    GitHub ID: amuniz
    Jenkins ID: amuniz
    E-mail: amuniz...@gmail.com

--

* Antonio Manuel Muñiz
* amunizmartin.com
* amuniz...@gmail.com

[Daniel Beck]

Hi Antonio,

I put your request on the agenda for the next project meeting.

Note that we can already give you access to select issues in plugins you're maintaining. This is something we recently started doing. If you don't have a SECURITY issue assigned, that's probably a good sign…
https://wiki.jenkins-ci.org/display/SECURITY/SECURITY+issues+in+plugins

Daniel

> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CACpar95ChEh-7p%2BZy%3D8RHA_4PbAfFrTLG2ZiqAX5gkKSUe0OGQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

[Oliver Gondža]

On 04/15/2016 01:55 PM, Daniel Beck wrote:
> Hi Antonio,
>
> I put your request on the agenda for the next project meeting.

Do we really need to fill the agenda with tasks like this? How about
several people giving thumbs up/down here to approve asynchronously and
discuss only if there is not consensus? Anyway, here is my +1.

--
oliver

[Baptiste Mathus]

Oliver, I think it somehow *has* to be this way due to governance model of Jenkins. 

And as Stephen phrased it, the IRC meeting should preferably be only a rubber stamping event on things already discussed and preferably (mostly?) agreed on. 

On such a subject even more possibly, I guess I would feel uncomfortable if that is only known and discussed during the meeting. (also because that meeting is not evenly easy to attend to the community members depending on many things like personal lives/organization, TZ, and so on).

So, +1 from also on the question. So that the subject can actually be tackled quicklier during the gov meeting.

My 2 cents

-- Baptiste

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/5710E163.4080708%40gmail.com.

[Kohsuke Kawaguchi]

As a part of the authority given to the security team lead, it is my understanding that it is up to Daniel to decide how to enroll new people to the CERT team. As the document describes, that structure is built precisely so that every decision doesn't have to go through the project meeting.

That said, since it is Daniel who's asking this to be on the agenda, and I agree with both Oliver and Baptise that having +1 here would streamline the meeting, here's my +1 too FWIW.

To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANWgJS7mtCsYcddP0Z8k0PJBVET22WqqgxX5Eu5Q7Npna2Uw8w%40mail.gmail.com.

[Daniel Beck]

> On 15.04.2016, at 13:55, Daniel Beck <m...@beckweb.net> wrote:
>
> I put your request on the agenda for the next project meeting.

This request is approved.