Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-10-02 Thread Simone Giannecchini
+0

Regards,
Simone Giannecchini
Ing. Simone Giannecchini
@simogeo
Founder/Director GeoSolutions Italy
President GeoSolutions USA



On Mon, Oct 2, 2023 at 9:56 AM Nuno Oliveira <
nuno.olive...@geosolutionsgroup.com> wrote:

> +1, thank you.
>
> On Mon, Oct 2, 2023 at 8:54 AM Alessio Fabiani <
> alessio.fabi...@geosolutionsgroup.com> wrote:
>
>> +1 Thanks
>>
>> On Sun, Oct 1, 2023 at 9:34 PM Jody Garnett 
>> wrote:
>>
>>> Thanks everyone,
>>>
>>> The motion from September 12th is now passed (its ten day extension now
>>> elapsed).
>>>
>>>
>>> - Alessio Fabiani:
>>> - Andrea Aime: +1
>>> - Ian Turton: +1
>>> - Jody Garnett: +1 initial motion
>>> - Jukka Rahkonen: +1
>>> - Kevin Smith: +1
>>> - Simone Giannecchini:
>>> - Torben Barsballe: +1
>>> - Nuno Oliveira:
>>>
>>>
>>> Community support:
>>>
>>>
>>> - Mark Prins: +1
>>>
>>>
>>> --
>>> Jody Garnett
>>>
>>>
>>> On Oct 1, 2023 at 10:07:34 AM, Rahkonen Jukka <
>>> jukka.rahko...@maanmittauslaitos.fi> wrote:
>>>
>>>> +1
>>>>
>>>>
>>>>
>>>> -Jukka Rahkonen-
>>>>
>>>>
>>>>
>>>> *From:* Andrea Aime
>>>> *Sent:* Saturday, 30 September 2023 18.47
>>>> *To:* Jody Garnett
>>>> *Cc:* Torben Barsballe; Geoserver-devel; Alessio Fabiani <
>>>> alessio.fabi...@geosolutionsgroup.com>; Ian Turton;
>>>> Rahkonen Jukka; Simone Giannecchini; Nuno Oliveira
>>>> *Subject:* Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security
>>>> Policy and CVE handling
>>>>
>>>>
>>>>
>>>> +1
>>>>
>>>>
>>>>
>>>> Cheers
>>>>
>>>> Andrea
>>>>
>>>>
>>>>
>>>> On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett 
>>>> wrote:
>>>>
>>>> Reminder to vote on this topic, I understand security is a difficult
>>>> topic to discuss in public anyone is welcome to reach out to me directly
>>>> for questions/clarifications.  The proposal has been clarified and refined
>>>> from the questions and response provided thus far.
>>>>
>>>>
>>>>
>>>> Project Steering Committee:
>>>>
>>>>
>>>>
>>>> * Alessio Fabiani:
>>>>
>>>> * Andrea Aime:
>>>>
>>>> * Ian Turton:
>>>>
>>>> * Jody Garnett: +1 initial motion
>>>>
>>>> * Jukka Rahkonen:
>>>>
>>>> * Kevin Smith: +1
>>>>
>>>> * Simone Giannecchini:
>>>>
>>>> * Torben Barsballe: +1
>>>>
>>>> * Nuno Oliveira:
>>>>
>>>>
>>>>
>>>> Community support:
>>>>
>>>>
>>>>
>>>> * Mark Prins: +1 "While not eligible to vote I'd like to give my
>>>> thumbs-up for this proposal."
>>>>
>>>>
>>>>
>>>> --
>>>>
>>>> Jody Garnett
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Sep 22, 2023 at 9:26:35 AM, Jody Garnett 
>>>> wrote:
>>>>
>>>> It has been 10 days, I would like to request an extension on this
>>>> proposal as I believe it is good response for the project.
>>>>
>>>

Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-10-02 Thread Nuno Oliveira
+1, thank you.

On Mon, Oct 2, 2023 at 8:54 AM Alessio Fabiani <
alessio.fabi...@geosolutionsgroup.com> wrote:

> +1 Thanks
>
> On Sun, Oct 1, 2023 at 9:34 PM Jody Garnett 
> wrote:
>
>> Thanks everyone,
>>
>> The motion from September 12th is now passed (its ten day extension now
>> elapsed).
>>
>>
>> - Alessio Fabiani:
>> - Andrea Aime: +1
>> - Ian Turton: +1
>> - Jody Garnett: +1 initial motion
>> - Jukka Rahkonen: +1
>> - Kevin Smith: +1
>> - Simone Giannecchini:
>> - Torben Barsballe: +1
>> - Nuno Oliveira:
>>
>>
>> Community support:
>>
>>
>> - Mark Prins: +1
>>
>>
>> --
>> Jody Garnett
>>
>>
>> On Oct 1, 2023 at 10:07:34 AM, Rahkonen Jukka <
>> jukka.rahko...@maanmittauslaitos.fi> wrote:
>>
>>> +1
>>>
>>>
>>>
>>> -Jukka Rahkonen-
>>>
>>>
>>>
>>> *From:* Andrea Aime
>>> *Sent:* Saturday, 30 September 2023 18.47
>>> *To:* Jody Garnett
>>> *Cc:* Torben Barsballe; Geoserver-devel <
>>> geoserver-devel@lists.sourceforge.net>; Alessio Fabiani <
>>> alessio.fabi...@geosolutionsgroup.com>; Ian Turton;
>>> Rahkonen Jukka; Simone Giannecchini; Nuno Oliveira
>>> *Subject:* Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security
>>> Policy and CVE handling
>>>
>>>
>>>
>>> +1
>>>
>>>
>>>
>>> Cheers
>>>
>>> Andrea
>>>
>>>
>>>
>>> On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett 
>>> wrote:
>>>
>>> Reminder to vote on this topic, I understand security is a difficult
>>> topic to discuss in public anyone is welcome to reach out to me directly
>>> for questions/clarifications.  The proposal has been clarified and refined
>>> from the questions and response provided thus far.
>>>
>>>
>>>
>>> Project Steering Committee:
>>>
>>>
>>>
>>> * Alessio Fabiani:
>>>
>>> * Andrea Aime:
>>>
>>> * Ian Turton:
>>>
>>> * Jody Garnett: +1 initial motion
>>>
>>> * Jukka Rahkonen:
>>>
>>> * Kevin Smith: +1
>>>
>>> * Simone Giannecchini:
>>>
>>> * Torben Barsballe: +1
>>>
>>> * Nuno Oliveira:
>>>
>>>
>>>
>>> Community support:
>>>
>>>
>>>
>>> * Mark Prins: +1 "While not eligible to vote I'd like to give my
>>> thumbs-up for this proposal."
>>>
>>>
>>>
>>> --
>>>
>>> Jody Garnett
>>>
>>>
>>>
>>>
>>>
>>> On Sep 22, 2023 at 9:26:35 AM, Jody Garnett 
>>> wrote:
>>>
>>> It has been 10 days, I would like to request an extension on this
>>> proposal as I believe it is good response for the project.
>>>
>>>
>>>
>>> Jody
>>>
>>>
>>>
>>> On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <
>>> torbenbarsba...@gmail.com> wrote:
>>>
>>> +1
>>>
>>>
>>>
>>> The Feedback section read as a little confusing (probably because the
>>> tone of the document switched from descriptive to conversational). A short
>>> blurb providing some context at the start, or some indication of personas
>>> throughout ( i.e. quoted sections being identified as security researchers,
>>> etc.) would improve legibility. However, since this section is ultimately
>>> just examples and not procedure, this doesn't affect my vote one way or the
>>> other.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Torben
>>>
>>>
>>>
>>> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
>>> wrote:
>>>
>>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>>
>>>
>>>
>>> Overview is using the GitHub "private vulnerability reporting" to assign
>>> CVE numbers we control to our known security issues.
>>>
>>> --
>>>
>>> Jody Garnett
>>>
>>> ___
>>> Geoserver-devel mailing list
>>> Geoserver-devel@lists.sourceforge.net
>>> https://lists.sourcef

Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-10-02 Thread Alessio Fabiani
+1 Thanks

On Sun, Oct 1, 2023 at 9:34 PM Jody Garnett  wrote:

> Thanks everyone,
>
> The motion from September 12th is now passed (its ten day extension now
> elapsed).
>
>
> - Alessio Fabiani:
> - Andrea Aime: +1
> - Ian Turton: +1
> - Jody Garnett: +1 initial motion
> - Jukka Rahkonen: +1
> - Kevin Smith: +1
> - Simone Giannecchini:
> - Torben Barsballe: +1
> - Nuno Oliveira:
>
>
> Community support:
>
>
> - Mark Prins: +1
>
>
> --
> Jody Garnett
>
>
> On Oct 1, 2023 at 10:07:34 AM, Rahkonen Jukka <
> jukka.rahko...@maanmittauslaitos.fi> wrote:
>
>> +1
>>
>>
>>
>> -Jukka Rahkonen-
>>
>>
>>
>> *From:* Andrea Aime
>> *Sent:* Saturday, 30 September 2023 18.47
>> *To:* Jody Garnett
>> *Cc:* Torben Barsballe; Geoserver-devel <
>> geoserver-devel@lists.sourceforge.net>; Alessio Fabiani <
>> alessio.fabi...@geosolutionsgroup.com>; Ian Turton;
>> Rahkonen Jukka; Simone Giannecchini; Nuno Oliveira <
>> nuno.olive...@geosolutionsgroup.com>
>> *Subject:* Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security
>> Policy and CVE handling
>>
>>
>>
>> +1
>>
>>
>>
>> Cheers
>>
>> Andrea
>>
>>
>>
>> On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett 
>> wrote:
>>
>> Reminder to vote on this topic, I understand security is a difficult
>> topic to discuss in public anyone is welcome to reach out to me directly
>> for questions/clarifications.  The proposal has been clarified and refined
>> from the questions and response provided thus far.
>>
>>
>>
>> Project Steering Committee:
>>
>>
>>
>> * Alessio Fabiani:
>>
>> * Andrea Aime:
>>
>> * Ian Turton:
>>
>> * Jody Garnett: +1 initial motion
>>
>> * Jukka Rahkonen:
>>
>> * Kevin Smith: +1
>>
>> * Simone Giannecchini:
>>
>> * Torben Barsballe: +1
>>
>> * Nuno Oliveira:
>>
>>
>>
>> Community support:
>>
>>
>>
>> * Mark Prins: +1 "While not eligible to vote I'd like to give my
>> thumbs-up for this proposal."
>>
>>
>>
>> --
>>
>> Jody Garnett
>>
>>
>>
>>
>>
>> On Sep 22, 2023 at 9:26:35 AM, Jody Garnett 
>> wrote:
>>
>> It has been 10 days, I would like to request an extension on this
>> proposal as I believe it is good response for the project.
>>
>>
>>
>> Jody
>>
>>
>>
>> On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <
>> torbenbarsba...@gmail.com> wrote:
>>
>> +1
>>
>>
>>
>> The Feedback section read as a little confusing (probably because the
>> tone of the document switched from descriptive to conversational). A short
>> blurb providing some context at the start, or some indication of personas
>> throughout ( i.e. quoted sections being identified as security researchers,
>> etc.) would improve legibility. However, since this section is ultimately
>> just examples and not procedure, this doesn't affect my vote one way or the
>> other.
>>
>>
>>
>> Cheers,
>>
>> Torben
>>
>>
>>
>> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
>> wrote:
>>
>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>
>>
>>
>> Overview is using the GitHub "private vulnerability reporting" to assign
>> CVE numbers we control to our known security issues.
>>
>> --
>>
>> Jody Garnett
>>
>> ___
>> Geoserver-devel mailing list
>> Geoserver-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>
>>
>>
>>
>> --
>>
>> Regards,
>>
>> Andrea Aime
>>

Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-10-01 Thread Jody Garnett
Thanks everyone,

The motion from September 12th is now passed (its ten day extension now
elapsed).


   - Alessio Fabiani:
   - Andrea Aime: +1
   - Ian Turton: +1
   - Jody Garnett: +1 initial motion
   - Jukka Rahkonen: +1
   - Kevin Smith: +1
   - Simone Giannecchini:
   - Torben Barsballe: +1
   - Nuno Oliveira:


Community support:


   - Mark Prins: +1


--
Jody Garnett


On Oct 1, 2023 at 10:07:34 AM, Rahkonen Jukka <
jukka.rahko...@maanmittauslaitos.fi> wrote:

> +1
>
>
>
> -Jukka Rahkonen-
>
>
>
> *From:* Andrea Aime
> *Sent:* Saturday, 30 September 2023 18.47
> *To:* Jody Garnett
> *Cc:* Torben Barsballe; Geoserver-devel <
> geoserver-devel@lists.sourceforge.net>; Alessio Fabiani <
> alessio.fabi...@geosolutionsgroup.com>; Ian Turton;
> Rahkonen Jukka; Simone Giannecchini; Nuno Oliveira <
> nuno.olive...@geosolutionsgroup.com>
> *Subject:* Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security
> Policy and CVE handling
>
>
>
> +1
>
>
>
> Cheers
>
> Andrea
>
>
>
> On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett 
> wrote:
>
> Reminder to vote on this topic, I understand security is a difficult topic
> to discuss in public anyone is welcome to reach out to me directly for
> questions/clarifications.  The proposal has been clarified and refined from
> the questions and response provided thus far.
>
>
>
> Project Steering Committee:
>
>
>
> * Alessio Fabiani:
>
> * Andrea Aime:
>
> * Ian Turton:
>
> * Jody Garnett: +1 initial motion
>
> * Jukka Rahkonen:
>
> * Kevin Smith: +1
>
> * Simone Giannecchini:
>
> * Torben Barsballe: +1
>
> * Nuno Oliveira:
>
>
>
> Community support:
>
>
>
> * Mark Prins: +1 "While not eligible to vote I'd like to give my thumbs-up
> for this proposal."
>
>
>
> --
>
> Jody Garnett
>
>
>
>
>
> On Sep 22, 2023 at 9:26:35 AM, Jody Garnett 
> wrote:
>
> It has been 10 days, I would like to request an extension on this proposal
> as I believe it is good response for the project.
>
>
>
> Jody
>
>
>
> On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <
> torbenbarsba...@gmail.com> wrote:
>
> +1
>
>
>
> The Feedback section read as a little confusing (probably because the tone
> of the document switched from descriptive to conversational). A short blurb
> providing some context at the start, or some indication of personas
> throughout ( i.e. quoted sections being identified as security researchers,
> etc.) would improve legibility. However, since this section is ultimately
> just examples and not procedure, this doesn't affect my vote one way or the
> other.
>
>
>
> Cheers,
>
> Torben
>
>
>
> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
> wrote:
>
> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>
>
>
> Overview is using the GitHub "private vulnerability reporting" to assign
> CVE numbers we control to our known security issues.
>
> --
>
> Jody Garnett
>
>
>
>
>
> --
>
> Regards,
>
> Andrea Aime
>


Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-10-01 Thread Rahkonen Jukka
+1

-Jukka Rahkonen-

From: Andrea Aime
Sent: Saturday, 30 September 2023 18.47
To: Jody Garnett
Cc: Torben Barsballe; Geoserver-devel; Alessio Fabiani; Ian Turton;
Rahkonen Jukka; Simone Giannecchini; Nuno Oliveira
Subject: Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and
CVE handling

+1

Cheers
Andrea

On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett <jody.garn...@gmail.com> wrote:
Reminder to vote on this topic, I understand security is a difficult topic to 
discuss in public anyone is welcome to reach out to me directly for 
questions/clarifications.  The proposal has been clarified and refined from the 
questions and response provided thus far.

Project Steering Committee:

* Alessio Fabiani:
* Andrea Aime:
* Ian Turton:
* Jody Garnett: +1 initial motion
* Jukka Rahkonen:
* Kevin Smith: +1
* Simone Giannecchini:
* Torben Barsballe: +1
* Nuno Oliveira:

Community support:

* Mark Prins: +1 "While not eligible to vote I'd like to give my thumbs-up for 
this proposal."

--
Jody Garnett


On Sep 22, 2023 at 9:26:35 AM, Jody Garnett <jody.garn...@gmail.com> wrote:
It has been 10 days, I would like to request an extension on this proposal as I 
believe it is good response for the project.

Jody

On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <torbenbarsba...@gmail.com> wrote:
+1

The Feedback section read as a little confusing (probably because the tone of 
the document switched from descriptive to conversational). A short blurb 
providing some context at the start, or some indication of personas throughout 
( i.e. quoted sections being identified as security researchers, etc.) would 
improve legibility. However, since this section is ultimately just examples and 
not procedure, this doesn't affect my vote one way or the other.

Cheers,
Torben

On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett <jody.garn...@gmail.com> wrote:
Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220

Overview is using the GitHub "private vulnerability reporting" to assign CVE 
numbers we control to our known security issues.
--
Jody Garnett


--

Regards,

Andrea Aime



Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-30 Thread Andrea Aime
+1

Cheers
Andrea

On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett 
wrote:

> Reminder to vote on this topic, I understand security is a difficult topic
> to discuss in public anyone is welcome to reach out to me directly for
> questions/clarifications.  The proposal has been clarified and refined from
> the questions and response provided thus far.
>
> Project Steering Committee:
>
> * Alessio Fabiani:
> * Andrea Aime:
> * Ian Turton:
> * Jody Garnett: +1 initial motion
> * Jukka Rahkonen:
> * Kevin Smith: +1
> * Simone Giannecchini:
> * Torben Barsballe: +1
> * Nuno Oliveira:
>
> Community support:
>
> * Mark Prins: +1 "While not eligible to vote I'd like to give my thumbs-up
> for this proposal."
>
> --
> Jody Garnett
>
>
> On Sep 22, 2023 at 9:26:35 AM, Jody Garnett 
> wrote:
>
>> It has been 10 days, I would like to request an extension on this
>> proposal as I believe it is good response for the project.
>>
>> Jody
>>
>> On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <
>> torbenbarsba...@gmail.com> wrote:
>>
>>> +1
>>>
>>> The Feedback section read as a little confusing (probably because the
>>> tone of the document switched from descriptive to conversational). A short
>>> blurb providing some context at the start, or some indication of personas
>>> throughout ( i.e. quoted sections being identified as security researchers,
>>> etc.) would improve legibility. However, since this section is ultimately
>>> just examples and not procedure, this doesn't affect my vote one way or the
>>> other.
>>>
>>> Cheers,
>>> Torben
>>>
>>> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
>>> wrote:
>>>
>>>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>>>
>>>> Overview is using the GitHub "private vulnerability reporting" to
>>>> assign CVE numbers we control to our known security issues.
>>>> --
>>>> Jody Garnett
>>>>
>>>

-- 

Regards,

Andrea Aime



Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-29 Thread Jody Garnett
Reminder to vote on this topic, I understand security is a difficult topic
to discuss in public; anyone is welcome to reach out to me directly for
questions/clarifications. The proposal has been clarified and refined from
the questions and response provided thus far.

Project Steering Committee:

* Alessio Fabiani:
* Andrea Aime:
* Ian Turton:
* Jody Garnett: +1 initial motion
* Jukka Rahkonen:
* Kevin Smith: +1
* Simone Giannecchini:
* Torben Barsballe: +1
* Nuno Oliveira:

Community support:

* Mark Prins: +1 "While not eligible to vote I'd like to give my thumbs-up
for this proposal."

--
Jody Garnett


On Sep 22, 2023 at 9:26:35 AM, Jody Garnett  wrote:

> It has been 10 days, I would like to request an extension on this proposal
> as I believe it is good response for the project.
>
> Jody
>
> On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <
> torbenbarsba...@gmail.com> wrote:
>
>> +1
>>
>> The Feedback section read as a little confusing (probably because the
>> tone of the document switched from descriptive to conversational). A short
>> blurb providing some context at the start, or some indication of personas
>> throughout ( i.e. quoted sections being identified as security researchers,
>> etc.) would improve legibility. However, since this section is ultimately
>> just examples and not procedure, this doesn't affect my vote one way or the
>> other.
>>
>> Cheers,
>> Torben
>>
>> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
>> wrote:
>>
>>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>>
>>> Overview is using the GitHub "private vulnerability reporting" to assign
>>> CVE numbers we control to our known security issues.
>>> --
>>> Jody Garnett
>>>


Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-27 Thread mark

While not eligible to vote I'd like to give my thumbs-up for this proposal.

I think it is a step forward in taking more control of vulnerability 
reports. There will unfortunately always be people not following 
best/responsible practices because they are not interested in fixing the 
problem but rather to have a CVE out there with their name on it.



Mark




Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-25 Thread Kevin Smith

+1

On 2023-09-12 14:36, Jody Garnett wrote:

Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220

Overview is using the GitHub "private vulnerability reporting" to 
assign CVE numbers we control to our known security issues.

--
Jody Garnett




--
Kevin Smith
smit...@draconic.ca


Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-22 Thread Jody Garnett
It has been 10 days, I would like to request an extension on this proposal
as I believe it is a good response for the project.

Jody

On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe 
wrote:

> +1
>
> The Feedback section read as a little confusing (probably because the tone
> of the document switched from descriptive to conversational). A short blurb
> providing some context at the start, or some indication of personas
> throughout ( i.e. quoted sections being identified as security researchers,
> etc.) would improve legibility. However, since this section is ultimately
> just examples and not procedure, this doesn't affect my vote one way or the
> other.
>
> Cheers,
> Torben
>
> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
> wrote:
>
>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>
>> Overview is using the GitHub "private vulnerability reporting" to assign
>> CVE numbers we control to our known security issues.
>> --
>> Jody Garnett
>>


Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-20 Thread Torben Barsballe
That's a lot easier to follow, thanks.

Cheers,
Torben

On Wed, Sep 20, 2023 at 3:45 AM Jody Garnett  wrote:

> Thanks, the GSIP has been revised with "volunteer", "researcher",
> "National CVE Numbering Authority" and the exchanges separated for clarity.
> --
> Jody Garnett
>
>
> On Sep 15, 2023 at 11:54:19 AM, Torben Barsballe <
> torbenbarsba...@gmail.com> wrote:
>
>> +1
>>
>> The Feedback section read as a little confusing (probably because the
>> tone of the document switched from descriptive to conversational). A short
>> blurb providing some context at the start, or some indication of personas
>> throughout ( i.e. quoted sections being identified as security researchers,
>> etc.) would improve legibility. However, since this section is ultimately
>> just examples and not procedure, this doesn't affect my vote one way or the
>> other.
>>
>> Cheers,
>> Torben
>>
>> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
>> wrote:
>>
>>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>>
>>> Overview is using the GitHub "private vulnerability reporting" to assign
>>> CVE numbers we control to our known security issues.
>>> --
>>> Jody Garnett


Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-19 Thread Jody Garnett
Thanks, the GSIP has been revised with "volunteer", "researcher",
"National CVE Numbering Authority" and the exchanges separated for clarity.
--
Jody Garnett


On Sep 15, 2023 at 11:54:19 AM, Torben Barsballe 
wrote:

> +1
>
> The Feedback section read as a little confusing (probably because the tone
> of the document switched from descriptive to conversational). A short blurb
> providing some context at the start, or some indication of personas
> throughout ( i.e. quoted sections being identified as security researchers,
> etc.) would improve legibility. However, since this section is ultimately
> just examples and not procedure, this doesn't affect my vote one way or the
> other.
>
> Cheers,
> Torben
>
> On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett 
> wrote:
>
>> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>>
>> Overview is using the GitHub "private vulnerability reporting" to assign
>> CVE numbers we control to our known security issues.
>> --
>> Jody Garnett


Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-15 Thread Torben Barsballe
+1

The Feedback section read as a little confusing (probably because the tone
of the document switched from descriptive to conversational). A short blurb
providing some context at the start, or some indication of personas
throughout (i.e. quoted sections being identified as security researchers,
etc.) would improve legibility. However, since this section is ultimately
just examples and not procedure, this doesn't affect my vote one way or the
other.

Cheers,
Torben

On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett  wrote:

> Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
>
> Overview is using the GitHub "private vulnerability reporting" to assign
> CVE numbers we control to our known security issues.
> --
> Jody Garnett


[Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling

2023-09-12 Thread Jody Garnett
Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220

Overview is using the GitHub "private vulnerability reporting" to assign
CVE numbers we control to our known security issues.
--
Jody Garnett