Security Working Group meeting - Wednesday July 21 - results

Patrick Williams patrick at stwcx.xyz
Thu Jul 22 07:00:35 AEST 2021


On Wed, Jul 21, 2021 at 02:49:11PM -0500, Joseph Reynolds wrote:
> On 7/20/21 5:45 PM, Joseph Reynolds wrote:

> 5 What is happening with getting a private database to track 
> vulnerability submissions?  This would be used by the OpenBMC security 
> response team 
> https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md 
> <https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md>to 
> record security vulnerabilities which were reported to OpenBMC and not 
> yet fixed or publicly disclosed.  Only members of the OpenBMC security 
> response team would have access (read/write access).
> 
> DISCUSSION:
> 
> Surya plans to set up bugzilla.
> 
> Contact Andrew Geissler in his role as OpenBMC community infrastructure 
> if you need a server.

I've mentioned this before that we do not need to set up a bugzilla and that it
is a waste of time to manage a bugzilla instance.  We can create unlimited
private repositories in our github org.  We just need Brad to create one for
security discussions and add the people that are currently part of the security
ML to an ACL for access.

-- 
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20210721/6e095baf/attachment.sig>


More information about the openbmc mailing list