[Nix-dev] NixOS Security Team

Lancelot SIX lsix.nix at lancelotsix.com
Wed Dec 7 09:02:24 CET 2016


Big +1 for me for all of the no nominees.

BR
Lancelot

On 07/12/2016 04:40, Jonn Mostovoy wrote:
> My 2c: nbp certainly should be nominated ;)
>
> Regarding the proposal — it has to happen sooner or later anyway, and
> if someone is willing to start it now, +1!
>
> Kindest regards,
> ¬Σ
>
>
> On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen <graham at grahamc.com> wrote:
>> Hello again Nix Users,
>>
>> I was talking with Domen the other day on IRC about starting the NixOS
>> Security Team. We agreed we should run it by the mailing list first and
>> get some feedback.
>>
>> Members of this team would:
>>
>>  - send out security announcements to our new mailing list[0]
>>  - have their GPG fingerprints on the public website so the
>>    announcements can be verified
>>  - potentially receive private security disclosures about the Nix
>>    ecosystem
>>  - (hopefully) help with weekly security roundups and bug fixing
>>
>> Long term, they are likely to be initial candidates for when we're
>> seeking membership to the oss-security's "distros" list[1], and perhaps
>> more direct involvement in security roadmap issues[2].
>>
>> I think it is important that the members of this project have a history
>> of interest in NixOS's security, and a general history of contributions
>> to the project.
>>
>> I nominate the following people:
>>
>>  - myself obviously, Graham Christensen (grahamc)
>>  - Daniel Peebles (copumpkin)
>>  - Domen Kožar (domenkozar)
>>  - Franz Pletz (fpletz)
>>
>> For Daniel and Domen, they are both fairly ( ;) ) respectable members of
>> the community, have a long history of involvement, and both directly
>> expressed interest on the thread about the "distros" mailing list[1].
>>
>> For me, well, I think my initiative, consistency, and history speaks for
>> itself[6,7]. (I also expressed interest in that same "distros"
>> thread.[3])
>>
>> For Franz, he is an incredibly consistent partner in the security
>> roundups, and whose efforts I based the roundups process on.
>>
>> For Eelco and Rob Vermaas (not listed above,) I don't think they need
>> nominating, and will be on the team if they want. (I'm assuming they'll
>> want.)
>>
>> I haven't asked Daniel, Domen, or Franz if they would like to be
>> members, so this is obviously pending their acceptance, and the approval
>> of the community.
>>
>> Daniel, Domen, Franz, and Community: what do you think? A simple "+1"
>> would be helpful, even if you have no further feedback.
>>
>> Eelco, Rob: what do _you_ think?
>>
>> Thank you,
>> Graham Christensen
>>
>> 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html
>> 1: https://github.com/NixOS/nixpkgs/issues/14819
>> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290
>> 3: Note that I originally did express interest, but deleted my comments
>> after [4] because peti was right. See: [5]
>> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422
>> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937
>> 6: https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc&type=Issues&utf8=%E2%9C%93
>> 7: https://github.com/NixOS/security
>> _______________________________________________
>> nix-dev mailing list
>> nix-dev at lists.science.uu.nl
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev


