From: Bruce Mitchell <bruce.mitchell@linux.vnet.ibm.com>
To: Brad Bishop <bradleyb@fuzziesquirrel.com>,
Andrew Geissler <geissonator@gmail.com>
Cc: openbmc <openbmc@lists.ozlabs.org>, Joseph Reynolds <jrey@linux.ibm.com>
Subject: Re: Start using github security advisories
Date: Mon, 18 Oct 2021 12:06:00 -0700
Message-ID: <cd2f6175-475f-0e5a-0b65-4f7a12959ab6@linux.vnet.ibm.com>
In-Reply-To: <20211018184958.zajwqmloxsyxmxv2@cheese>
On 10/18/2021 11:49, Brad Bishop wrote:
> On Thu, Oct 14, 2021 at 02:12:20PM -0500, Andrew Geissler wrote:
>>> Per today's Security working group meeting, we want to start using
>>> [GitHub security advisories][]. I think we need someone with admin
>>> permissions to github.com/openbmc/openbmc to create new advisories.
>>> Then we'll want a group (team? perhaps security-response-team) with
>>> the current OpenBMC [security response team][] members. (I have that
>>> list.)
>>
>> Looks like you’ll need admin authority on openbmc/openbmc in order to
>> utilize the security advisories feature. I wonder if it’s better to
>> create an openbmc/security repo and we can give you and the security
>> team admin of that repo for this work? This would also provide a
>> potential location to track github issues for the security team.
>
> This was my thinking as well Andrew. I'll create
> openbmc/security-response if I don't see any complaints in the next
> little while.
>
> -brad

I believe we want to make sure that none of the security advisories
get sent to Discord; we wouldn't want them accidentally going to
something like #gh-issues.