My 2c: nbp certainly should be nominated ;) Regarding the proposal — it has to happen sooner or later anyway, and if someone is willing to start it now, +1! — Kindest regards, ¬Σ
On Wed, Dec 7, 2016 at 2:49 AM, Graham Christensen <gra...@grahamc.com> wrote: > > Hello again Nix Users, > > I was talking with Domen the other day on IRC about starting the NixOS > Security Team. We agreed we should run it by the mailing list first and > gets some feedback. > > Members of this team would: > > - send out security announcements to our new mailing list[0] > - have their GPG fingerprints on the public website so the > announcements can be verified > - potentially receive private security disclosures about the Nix > ecosystem > - (hopefully) help with weekly security roundups and bug fixing > > Long term, they are likely to be initial candidates for when we're > seeking membership to the oss-security's "distros" list[1], and perhaps > more direct involvement in security roadmap issues[2]. > > I think it is important that the members of this project have a history > of interest in NixOS's security, and a general history of contributions > to the project. > > I nominate the following people: > > - myself obviously, Graham Christensen (grahamc) > - Daniel Peebles (copumpkin) > - Domen Kožar (domenkozar) > - Franz Pletz (fpletz) > > For Daniel and Domen, they are both fairly ( ;) ) respectable members of > the community, have a long history of involvement, and both directly > expressed interest on the thread about the "distros" mailing list[1]. > > For me, well, I think my initiative, consistency, and history speaks for > itself[6,7]. (I also expressed interest in that same "distros" > thread.[3]) > > For Franz, he is an incredibly consistent partner in the security > roundups, and whose efforts I based the roundups process on. > > For Eelco and Rob Vermaas (not listed above,) I don't think they need > nominating, and will be on the team if they want. (I'm assuming they'll > want.) > > I haven't asked Daniel, Domen, or Franz if they would like to be > members, so this is obviously pending their acceptance, and the approval > of the community. > > Daniel, Domen, Franz, and Community: what do you think? A simple "+1" > would be helpful, even if you have no further feedback. > > Eelco, Rob: what do _you_ think? > > Thank you, > Graham Christensen > > 0: http://lists.science.uu.nl/pipermail/nix-dev/2016-November/022207.html > 1: https://github.com/NixOS/nixpkgs/issues/14819 > 2: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212337290 > 3: Note that I originally did express interest, but deleted my comments > after [4] because peti was right. See: [5] > 4: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-212550422 > 5: https://github.com/NixOS/nixpkgs/issues/14819#issuecomment-213805937 > 6: > https://github.com/NixOS/nixpkgs/search?q=%22Vulnerability+Roundup%22+author%3Agrahamc&type=Issues&utf8=%E2%9C%93 > 7: https://github.com/NixOS/security > _______________________________________________ > nix-dev mailing list > nix-dev@lists.science.uu.nl > http://lists.science.uu.nl/mailman/listinfo/nix-dev _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev