I finally come back to this and added all those that volunteered.
... except Michael, where Google didn't let me. It said you opted out of being added/invited to a group. Any other e-mail address I can use to add you there?
On 09/22/2012 10:29 AM, Kohsuke Kawaguchi wrote:
Occasionally people discover vulnerabilities in Jenkins. Because of the nature of the problem, we need a closed-door venue to discuss and work on the fixes. We discussed about improving this process in the last project meeting [1], and as per the consensus, I created a new private mailing list [2]. This list will be used to discuss the fixes and vulnerabilities until the fix gets released. It receive notifications for tickets filed in the SECURITY project in JIRA [4]. This e-mail is a call for volunteers who would be willing to work on the security related issues. Because of the nature of the problem, we can't just add everyone like we do on our other repositories, but we do need several people on it to reduce the bus factor [5]. I request that only those who are interested in actually working on the fix to apply. We'd also like to require that you place CLA [6] before you apply. [1] http://meetings.jenkins-ci.org/jenkins/2012/jenkins.2012-09-19-18.00.html [2] https://groups.google.com/forum/#!forum/jenkinsci-cert [3] https://wiki.jenkins-ci.org/display/JENKINS/Security+Advisories [4] https://issues.jenkins-ci.org/browse/SECURITY [5] http://en.wikipedia.org/wiki/Bus_factor [6] https://wiki.jenkins-ci.org/display/JENKINS/Governance+Document#GovernanceDocument-ContributorLicenseAgreement%28CLA%29
-- Kohsuke Kawaguchi http://kohsuke.org/
