(fwd) Re: Request for participation: Jenkins Security Officer candidates

[R. Tyler Croy]

I was reminded today that I completely forgot to send out an update on this! My
apologies, time flies when you're having fun I suppose.

I would like to thank the candidates who spoke up and offered their time to act
in the capacity as the Jenkins Security Officer. The board has selected Daniel
Beck to continue on as the Jenkins project's Security Officer.

Since the failure was on the communication part, not the decision making part,
I have updated the wiki to reflect that Daniel's term actually started in
December. See 


For more information about Jenkins CERT or our responsible disclosure policies,
please see: https://jenkins.io/security/



Thanks Daniel for your continued work to make Jenkins more secure \o/




On Fri, 08 Dec 2017, R. Tyler Croy wrote:

> Time flies when you're having fun, and or, releasing a whole bunch of security
> advisories and patches :)
>
> I should thank Daniel Beck for leading CERT over the past couple years in his
> tenure as the Jenkins Security Officer. Jenkins is more secure than effort
> thanks to his, and others', diligent efforts.
>
> In accordance with our previously agreed upon team lead proposal
> (https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams)
> I am now asking, again, on behalf of the Jenkins board[1] for candidates who
> are willing to act as the Jenkins Security Officer.
>
> The responsibilities of the Jenkins Security Officer would be to lead Jenkins
> Security (CERT) team, and:
>
> * Run the Jenkins CERT meeting
> * Manage sending gifts to qualifying reporters of resolved security issues [2]
> * Coordinate work on, and releases, of security fixes with plugin authors,
>   Kohsuke and the LTS team lead
> * Publish Security Advisories (including CVE IDs and CVSS) and notify the 
> mailing
>   list
> * Drive security policy definition/changes in the community
> * Represent the Jenkins project on security topics with third parties
>
>
> The expected term of the Security Officer would be 12 months.
>
>
>
> Contributors interested in being considered for the Jenkins Security Officer
> position should email the board: jenkinsci-bo...@googlegroups.com in the *next
> seven days* explaining their qualifications for the position.
>
> In seven days the board will select a candidate to appoint to the position who
> will be able to act on behalf of the Governance Board on matters pertaining to
> the position described above
>
>
> Thanks!
>
>
> [0] https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CERT+team
> [1] The current board: 
> 
> [2] 
> https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues
>
> - R. Tyler Croy
>
> --
>  Code: 
>   Chatter: 
>
>   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
> --
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/20171208194139.omtoenz67zlttauo%40blackberry.coupleofllamas.com.
> For more options, visit https://groups.google.com/d/optout.



- R. Tyler Croy

--
 Code: 
  Chatter: 
 xmpp: rty...@jabber.org

  % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
--

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20180217200547.ncmtpgwwi6lajubd%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Request for participation: Jenkins Security Officer candidates

[R. Tyler Croy]

Time flies when you're having fun, and or, releasing a whole bunch of security
advisories and patches :)

I should thank Daniel Beck for leading CERT over the past couple years in his
tenure as the Jenkins Security Officer. Jenkins is more secure than effort
thanks to his, and others', diligent efforts.

In accordance with our previously agreed upon team lead proposal
(https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams)
I am now asking, again, on behalf of the Jenkins board[1] for candidates who
are willing to act as the Jenkins Security Officer.

The responsibilities of the Jenkins Security Officer would be to lead Jenkins
Security (CERT) team, and:

* Run the Jenkins CERT meeting
* Manage sending gifts to qualifying reporters of resolved security issues [2]
* Coordinate work on, and releases, of security fixes with plugin authors,
  Kohsuke and the LTS team lead
* Publish Security Advisories (including CVE IDs and CVSS) and notify the 
mailing
  list
* Drive security policy definition/changes in the community
* Represent the Jenkins project on security topics with third parties


The expected term of the Security Officer would be 12 months.



Contributors interested in being considered for the Jenkins Security Officer
position should email the board: jenkinsci-bo...@googlegroups.com in the *next
seven days* explaining their qualifications for the position.

In seven days the board will select a candidate to appoint to the position who
will be able to act on behalf of the Governance Board on matters pertaining to
the position described above


Thanks!


[0] https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CERT+team
[1] The current board: 

[2] 
https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues

- R. Tyler Croy

--
 Code: 
  Chatter: 

  % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
--

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20171208194829.o4so5ercvgzel6tf%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

Re: Request for participation: Jenkins Security Officer candidates

[Alyssa Tong]

Congrats Daniel.

On Fri, Dec 9, 2016 at 1:21 PM, R. Tyler Croy  wrote:

>
> In this week's Governance Meeting it was announced that the board has
> appointed
> Daniel Beck to his second term as the Jenkins Security Officer
>
> See  >
>
> For more information about Jenkins CERT or our responsible disclosure
> policies,
> please see: https://jenkins.io/security/
>
>
>
> On Mon, 21 Nov 2016, R. Tyler Croy wrote:
>
> >
> > First, let me thank Daniel Beck for his work as the inaugural Jenkins
> Security
> > Officer over the past year. I would also like to thank the numerous
> members of
> > the CERT[0] team who have helped Daniel guide the project's security
> policies,
> > disclosures and updates.
> >
> > In accordance with our previously agreed upon team lead proposal
> > (https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+
> Project+sub-teams)
> > I am now asking, again, on behalf of the Jenkins board[1] for candidates
> who
> > are willing to act as the Jenkins Security Officer.
> >
> >
> > The responsibilities of the Jenkins Security Officer would be to lead
> Jenkins
> > Security (CERT) team, and:
> >
> > * Run the Jenkins CERT meeting
> > * Manage sending gifts to qualifying reporters of resolved security
> issues [2]
> > * Coordinate work on, and releases, of security fixes with plugin
> authors,
> >   Kohsuke and the LTS team lead
> > * Publish Security Advisories (including CVE IDs and CVSS) and notify
> the mailing
> >   list
> > * Drive security policy definition/changes in the community
> > * Represent the Jenkins project on security topics with third parties
> >
> >
> > The expected term of the Security Officer would be 12 months.
> >
> >
> >
> > Contributors interested in being considered for the Jenkins Security
> Officer
> > position should email the board: jenkinsci-bo...@googlegroups.com in
> the *next
> > seven days* explaining their qualifications for the position.
> >
> > In seven days the board will select a candidate to appoint to the
> position who
> > will be able to act on behalf of the Governance Board on matters
> pertaining to
> > the position described above
> >
> >
> > Thanks!
> >
> >
> > [0] https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CERT+team
> > [1] The current board:  display/JENKINS/Governance+Board>
> > [2] https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+
> reporting+security+issues
> >
> > - R. Tyler Croy
> >
> > --
> >  Code: 
> >   Chatter: 
> >
> >   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
> > --
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups "Jenkins Users" group.
> > To unsubscribe from this group and stop receiving emails from it, send
> an email to jenkinsci-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/
> msgid/jenkinsci-users/20161121214738.GA3000%40blackberry.coupleofllamas.
> com.
> > For more options, visit https://groups.google.com/d/optout.
>
>
>
> - R. Tyler Croy
>
> --
>  Code: 
>   Chatter: 
>
>   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
> --
>
> --
> You received this message because you are subscribed to the Google Groups
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/jenkinsci-dev/20161209212142.GB21965%40blackberry.coupleofllamas.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/CAC9wNaxfPhLs36Vr72nxv2RnAkLy%2Bu0pis0_XZ%3Dtq36fb7awVw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Request for participation: Jenkins Security Officer candidates

[R. Tyler Croy]

In this week's Governance Meeting it was announced that the board has appointed
Daniel Beck to his second term as the Jenkins Security Officer

See 

For more information about Jenkins CERT or our responsible disclosure policies,
please see: https://jenkins.io/security/



On Mon, 21 Nov 2016, R. Tyler Croy wrote:

>
> First, let me thank Daniel Beck for his work as the inaugural Jenkins Security
> Officer over the past year. I would also like to thank the numerous members of
> the CERT[0] team who have helped Daniel guide the project's security policies,
> disclosures and updates.
>
> In accordance with our previously agreed upon team lead proposal
> (https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams)
> I am now asking, again, on behalf of the Jenkins board[1] for candidates who
> are willing to act as the Jenkins Security Officer.
>
>
> The responsibilities of the Jenkins Security Officer would be to lead Jenkins
> Security (CERT) team, and:
>
> * Run the Jenkins CERT meeting
> * Manage sending gifts to qualifying reporters of resolved security issues [2]
> * Coordinate work on, and releases, of security fixes with plugin authors,
>   Kohsuke and the LTS team lead
> * Publish Security Advisories (including CVE IDs and CVSS) and notify the 
> mailing
>   list
> * Drive security policy definition/changes in the community
> * Represent the Jenkins project on security topics with third parties
>
>
> The expected term of the Security Officer would be 12 months.
>
>
>
> Contributors interested in being considered for the Jenkins Security Officer
> position should email the board: jenkinsci-bo...@googlegroups.com in the *next
> seven days* explaining their qualifications for the position.
>
> In seven days the board will select a candidate to appoint to the position who
> will be able to act on behalf of the Governance Board on matters pertaining to
> the position described above
>
>
> Thanks!
>
>
> [0] https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CERT+team
> [1] The current board: 
> 
> [2] 
> https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues
>
> - R. Tyler Croy
>
> --
>  Code: 
>   Chatter: 
>
>   % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
> --
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-users/20161121214738.GA3000%40blackberry.coupleofllamas.com.
> For more options, visit https://groups.google.com/d/optout.



- R. Tyler Croy

--
 Code: 
  Chatter: 

  % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
--

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20161209212142.GB21965%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

Request for participation: Jenkins Security Officer candidates

[R. Tyler Croy]

First, let me thank Daniel Beck for his work as the inaugural Jenkins Security
Officer over the past year. I would also like to thank the numerous members of
the CERT[0] team who have helped Daniel guide the project's security policies,
disclosures and updates.

In accordance with our previously agreed upon team lead proposal
(https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams)
I am now asking, again, on behalf of the Jenkins board[1] for candidates who
are willing to act as the Jenkins Security Officer.


The responsibilities of the Jenkins Security Officer would be to lead Jenkins
Security (CERT) team, and:

* Run the Jenkins CERT meeting
* Manage sending gifts to qualifying reporters of resolved security issues [2]
* Coordinate work on, and releases, of security fixes with plugin authors,
  Kohsuke and the LTS team lead
* Publish Security Advisories (including CVE IDs and CVSS) and notify the 
mailing
  list
* Drive security policy definition/changes in the community
* Represent the Jenkins project on security topics with third parties


The expected term of the Security Officer would be 12 months.



Contributors interested in being considered for the Jenkins Security Officer
position should email the board: jenkinsci-bo...@googlegroups.com in the *next
seven days* explaining their qualifications for the position.

In seven days the board will select a candidate to appoint to the position who
will be able to act on behalf of the Governance Board on matters pertaining to
the position described above


Thanks!


[0] https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CERT+team
[1] The current board: 

[2] 
https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues

- R. Tyler Croy

--
 Code: 
  Chatter: 

  % gpg --keyserver keys.gnupg.net --recv-key 1426C7DC3F51E16F
--

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20161121214738.GA3000%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

Re: Request for participation: Jenkins Security Officer candidates

[R. Tyler Croy]

I neglected to send an update this past week but the board has appointed Daniel
Beck as the Jenkins Security Officer for the next 12 months.

See 


On Tue, 10 Nov 2015, R. Tyler Croy wrote:

> 
> Based on the team lead proposal
> (https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams)
> which was approved in the governance meeting last month, I asking on behalf of
> the Jenkins board[0], for candidates who are willing to act as the Jenkins
> Security Officer.
> 
> 
> The responsibilities of the Jenkins Security Officer would be to lead Jenkins
> Security (CERT) team, and:
> 
> * Run the Jenkins CERT meeting
> * Manage sending gifts to qualifying reporters of resolved security issues [1]
> * Coordinate work on, and releases, of security fixes with plugin authors,
>   Kohsuke and the LTS team lead
> * Publish Security Advisories (including CVE IDs and CVSS) and notify the 
> mailing
>   list
> * Drive security policy definition/changes in the community
> * Represent the Jenkins project on security topics with third parties
> 
> 
> The expected term of the Security Officer would be 12 months.
> 
> 
> 
> Contributors interested in being considered for the Jenkins Security Officer
> position should email the board: jenkinsci-bo...@googlegroups.com in the *next
> seven days* explaining their qualifications for the position.
> 
> In seven days the board will select a candidate to appoint to the position who
> will be able to act on behalf of the Governance Board on matters pertaining to
> the position described above
> 
> 
> 
> [0] The current board: 
> 
> [1] 
> https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues
> 
> 
> Cheers
> - R. Tyler Croy
> 
> --
>  Code: 
>   Chatter: 
> 
>   % gpg --keyserver keys.gnupg.net --recv-key 3F51E16F
> --
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Jenkins Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to jenkinsci-dev+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/jenkinsci-dev/20151110214157.GF23766%40blackberry.coupleofllamas.com.
> For more options, visit https://groups.google.com/d/optout.



- R. Tyler Croy

--
 Code: 
  Chatter: 

  % gpg --keyserver keys.gnupg.net --recv-key 3F51E16F
--

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20151201165934.GB23766%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

Re: Request for participation: Jenkins Security Officer candidates

[Oleg Nenashev]

Just read this e-mail.
 Congrats to Daniel!

среда, 11 ноября 2015 г., 0:43:19 UTC+3 пользователь R Tyler Croy написал:
>
>
> Based on the team lead proposal 
> (https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams) 
>
> which was approved in the governance meeting last month, I asking on 
> behalf of 
> the Jenkins board[0], for candidates who are willing to act as the Jenkins 
> Security Officer. 
>
>
> The responsibilities of the Jenkins Security Officer would be to lead 
> Jenkins 
> Security (CERT) team, and: 
>
> * Run the Jenkins CERT meeting 
> * Manage sending gifts to qualifying reporters of resolved security issues 
> [1] 
> * Coordinate work on, and releases, of security fixes with plugin authors, 
>   Kohsuke and the LTS team lead 
> * Publish Security Advisories (including CVE IDs and CVSS) and notify the 
> mailing 
>   list 
> * Drive security policy definition/changes in the community 
> * Represent the Jenkins project on security topics with third parties 
>
>
> The expected term of the Security Officer would be 12 months. 
>
>
>
> Contributors interested in being considered for the Jenkins Security 
> Officer 
> position should email the board: jenkins...@googlegroups.com  
> in the *next 
> seven days* explaining their qualifications for the position. 
>
> In seven days the board will select a candidate to appoint to the position 
> who 
> will be able to act on behalf of the Governance Board on matters 
> pertaining to 
> the position described above 
>
>
>
> [0] The current board: <
> https://wiki.jenkins-ci.org/display/JENKINS/Governance+Board> 
> [1] 
> https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues
>  
>
>
> Cheers 
> - R. Tyler Croy 
>
> -- 
>  Code:  
>   Chatter:  
>
>   % gpg --keyserver keys.gnupg.net --recv-key 3F51E16F 
> -- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/0b495db8-effb-4cd0-909b-3b5f34b87036%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Request for participation: Jenkins Security Officer candidates

[R. Tyler Croy]

Based on the team lead proposal
(https://wiki.jenkins-ci.org/display/JENKINS/Proposal+-+Project+sub-teams)
which was approved in the governance meeting last month, I asking on behalf of
the Jenkins board[0], for candidates who are willing to act as the Jenkins
Security Officer.


The responsibilities of the Jenkins Security Officer would be to lead Jenkins
Security (CERT) team, and:

* Run the Jenkins CERT meeting
* Manage sending gifts to qualifying reporters of resolved security issues [1]
* Coordinate work on, and releases, of security fixes with plugin authors,
  Kohsuke and the LTS team lead
* Publish Security Advisories (including CVE IDs and CVSS) and notify the 
mailing
  list
* Drive security policy definition/changes in the community
* Represent the Jenkins project on security topics with third parties


The expected term of the Security Officer would be 12 months.



Contributors interested in being considered for the Jenkins Security Officer
position should email the board: jenkinsci-bo...@googlegroups.com in the *next
seven days* explaining their qualifications for the position.

In seven days the board will select a candidate to appoint to the position who
will be able to act on behalf of the Governance Board on matters pertaining to
the position described above



[0] The current board: 

[1] 
https://wiki.jenkins-ci.org/display/JENKINS/Rewards+for+reporting+security+issues


Cheers
- R. Tyler Croy

--
 Code: 
  Chatter: 

  % gpg --keyserver keys.gnupg.net --recv-key 3F51E16F
--

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20151110214157.GF23766%40blackberry.coupleofllamas.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature