Request to participate in C.E.R.T.

43 views
Skip to first unread message

Antonio Manuel Muñiz Martín

unread,
Apr 15, 2016, 7:26:40 AM4/15/16
to jenkin...@googlegroups.com
Hello,

I think I could help fixing/testing/reviewing Jenkins (core or plugins) security patches. I'm participating in more plugins over the time (even becoming maintainer in some of them) and I'd like to beware (and help fixing) security issues.

According to the guidelines in the Jenkins CERT team wiki page I've submitted my ICLA:

    Name: Antonio Muñiz
    CLA: ICLA / CCLA submitted but not merged - https://github.com/jenkinsci/infra-cla/pull/32
    Company: CloudBees
    GitHub ID: amuniz
    Jenkins ID: amuniz
    E-mail: amuniz...@gmail.com

--
* Antonio Manuel Muñiz
* amunizmartin.com
* amuniz...@gmail.com

Daniel Beck

unread,
Apr 15, 2016, 7:55:46 AM4/15/16
to jenkin...@googlegroups.com
Hi Antonio,

I put your request on the agenda for the next project meeting.

Note that we can already give you access to select issues in plugins you're maintaining. This is something we recently started doing. If you don't have a SECURITY issue assigned, that's probably a good sign…
https://wiki.jenkins-ci.org/display/SECURITY/SECURITY+issues+in+plugins

Daniel
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CACpar95ChEh-7p%2BZy%3D8RHA_4PbAfFrTLG2ZiqAX5gkKSUe0OGQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.

Oliver Gondža

unread,
Apr 15, 2016, 8:41:12 AM4/15/16
to jenkin...@googlegroups.com
On 04/15/2016 01:55 PM, Daniel Beck wrote:
> Hi Antonio,
>
> I put your request on the agenda for the next project meeting.

Do we really need to fill the agenda with tasks like this? How about
several people giving thumbs up/down here to approve asynchronously and
discuss only if there is not consensus? Anyway, here is my +1.

--
oliver

Baptiste Mathus

unread,
Apr 15, 2016, 9:26:31 AM4/15/16
to Jenkins Developers
Oliver, I think it somehow *has* to be this way due to governance model of Jenkins. 

And as Stephen phrased it, the IRC meeting should preferably be only a rubber stamping event on things already discussed and preferably (mostly?) agreed on. 
On such a subject even more possibly, I guess I would feel uncomfortable if that is only known and discussed during the meeting. (also because that meeting is not evenly easy to attend to the community members depending on many things like personal lives/organization, TZ, and so on).

So, +1 from also on the question. So that the subject can actually be tackled quicklier during the gov meeting.

My 2 cents

-- Baptiste




--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-de...@googlegroups.com.

Kohsuke Kawaguchi

unread,
Apr 16, 2016, 1:15:38 AM4/16/16
to jenkin...@googlegroups.com
As a part of the authority given to the security team lead, it is my understanding that it is up to Daniel to decide how to enroll new people to the CERT team. As the document describes, that structure is built precisely so that every decision doesn't have to go through the project meeting.

That said, since it is Daniel who's asking this to be on the agenda, and I agree with both Oliver and Baptise that having +1 here would streamline the meeting, here's my +1 too FWIW.


Daniel Beck

unread,
Apr 27, 2016, 2:41:01 PM4/27/16
to jenkin...@googlegroups.com

> On 15.04.2016, at 13:55, Daniel Beck <m...@beckweb.net> wrote:
>
> I put your request on the agenda for the next project meeting.

This request is approved.

Reply all
Reply to author
Forward
0 new messages