[Nix-dev] NixOS Security Team

Wed Dec 7 09:16:00 CET 2016

+1, thanks for organising this

On Wed, 7 Dec 2016, 08:02 Lancelot SIX, <lsix.nix at lancelotsix.com> wrote:

> Big +1 for me for all of the no nominees.
>
> BR
> Lancelot
>
> On 07/12/2016 04:40, Jonn Mostovoy wrote:
> > My 2c: nbp certainly should be nominated ;)
> >
> > Regarding the proposal — it has to happen sooner or later anyway, and
> > if someone is willing to start it now, +1!
> > —
> > Kindest regards,
> > ¬Σ
> >
> >
> > On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen <graham at grahamc.com>
> wrote:
> >> Hello again Nix Users,
> >>
> >> I was talking with Domen the other day on IRC about starting the NixOS
> >> Security Team. We agreed we should run it by the mailing list first and
> >> gets some feedback.
> >>
> >> Members of this team would:
> >>
> >>  - send out security announcements to our new mailing list[0]
> >>  - have their GPG fingerprints on the public website so the
> >>    announcements can be verified
> >>  - potentially receive private security disclosures about the Nix
> >>    ecosystem
> >>  - (hopefully) help with weekly security roundups and bug fixing
> >>
> >> Long term, they are likely to be initial candidates for when we're
> >> seeking membership to the oss-security's "distros" list[1], and perhaps
> >> more direct involvement in security roadmap issues[2].
> >>
> >> I think it is important that the members of this project have a history
> >> of interest in NixOS's security, and a general history of contributions
> >> to the project.
> >>
> >> I nominate the following people:
> >>
> >>  - myself obviously, Graham Christensen (grahamc)
> >>  - Daniel Peebles (copumpkin)
> >>  - Domen Kožar (domenkozar)
> >>  - Franz Pletz (fpletz)
> >>
> >> For Daniel and Domen, they are both fairly ( ;) ) respectable members of
> >> the community, have a long history of involvement, and both directly
> >> expressed interest on the thread about the "distros" mailing list[1].
> >>
> >> For me, well, I think my initiative, consistency, and history speaks for
> >> itself[6,7]. (I also expressed interest in that same "distros"
> >> thread.[3])
> >>
> >> For Franz, he is an incredibly consistent partner in the security
> >> roundups, and whose efforts I based the roundups process on.
> >>
> >> For Eelco and Rob Vermaas (not listed above,) I don't think they need
> >> nominating, and will be on the team if they want. (I'm assuming they'll
> >> want.)
> >>
> >> I haven't asked Daniel, Domen, or Franz if they would like to be
> >> members, so this is obviously pending their acceptance, and the approval
> >> of the community.
> >>
> >> Daniel, Domen, Franz, and Community: what do you think? A simple "+1"
> >> would be helpful, even if you have no further feedback.
> >>
> >> Eelco, Rob: what do _you_ think?
> >>
> >> Thank you,
> >> Graham Christensen
> >>
> >> 0:
> http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html
> >> 1: https://github.com/NixOS/nixpkgs/issues/14819
> >> 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290
> >> 3: Note that I originally did express interest, but deleted my comments
> >> after [4] because peti was right. See: [5]
> >> 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422
> >> 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937
> >> 6:
> https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc&type=Issues&utf8=%E2%9C%93
> >> 7: https://github.com/NixOS/security
> >> _______________________________________________
> >> nix-dev mailing list
> >> nix-dev at lists.science.uu.nl
> >> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> > _______________________________________________
> > nix-dev mailing list
> > nix-dev at lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20161207/2bbbac87/attachment-0001.html>