Very late response here, but I think this is an awesome idea. I can help
out as well, if we haven't already reached "too many cooks in the kitchen"
amount of members.
- Houston
On Fri, May 12, 2023 at 4:53 PM Gus Heck wrote:
> Yes, I'd agree, if the person can be on the related mailing list,
Yes, I'd agree, if the person can be on the related mailing list, they can
be in the working group.
On Fri, May 12, 2023 at 1:50 PM Mike Drob wrote:
> Just a quick update here - it sounds like the project may opt to allow
> committers (non-PMC members) to join the security list. Discussion
Just a quick update here - it sounds like the project may opt to allow
committers (non-PMC members) to join the security list. Discussion here:
https://lists.apache.org/thread/k9rt56y3j4vd2gczbn257qf4x272vz1o
I expect the same logic would apply to this WG.
Mike
On Tue, May 2, 2023 at 7:40 PM
@Kevin, Cool, I think with 4-5 people volunteering this is a go, and
perhaps the working group can do a quick kick off (30 min) online call
somewhere around the 15th?
@Marcus Please don't hesitate to suggest improvements (or implement them!)
Also feel 100% free to suggest improvements to my list
Also happy to contribute from the outside, or one foot in rather :-)
Security is my motivation for most of the work that I have done in the
project to date.
On Tue, May 2, 2023 at 3:51 PM Kevin Risden wrote:
> I'm happy to contribute.
>
> Kevin Risden
>
>
> On Tue, May 2, 2023 at 3:47 PM
I'm happy to contribute.
Kevin Risden
On Tue, May 2, 2023 at 3:47 PM Arrieta, Alejandro <
aarri...@perrinsoftware.com> wrote:
> Hi Gus,
>
> thx 4 clarification.
> Well I need to work on those 2 requirements then :-)
>
> Thanks
> Alejandro Arrieta
>
>
> On Tue, May 2, 2023 at 3:40 PM Gus Heck
Hi Gus,
thx 4 clarification.
Well I need to work on those 2 requirements then :-)
Thanks
Alejandro Arrieta
On Tue, May 2, 2023 at 3:40 PM Gus Heck wrote:
> Unfortunately, since part of the duties will be responding to the queries
> sent to secur...@solr.apache.org, one must be both a
Unfortunately, since part of the duties will be responding to the queries
sent to secur...@solr.apache.org, one must be both a committer and a PMC
member. However, I expect that this group will make suggestions about
anything unrelated to un-announced security issues to the wider list for a
Hello Team,
Do you need to be a committer to join the group?
Kind Regards,
Alejandro Arrieta
On Tue, May 2, 2023 at 3:23 PM Gus Heck wrote:
> Cool that means so far we have:
>
>1. Me (Gus Heck)
>2. Jason Gerlowski
>3. Mike Drob
>4. (maybe?) David Smiley
>
>
> On Tue, May 2,
Cool that means so far we have:
1. Me (Gus Heck)
2. Jason Gerlowski
3. Mike Drob
4. (maybe?) David Smiley
On Tue, May 2, 2023 at 3:02 PM Mike Drob wrote:
> Howdy folks. I'd be happy to step into this working group.
>
> On Mon, May 1, 2023 at 12:34 PM Gus Heck wrote:
>
> >
Howdy folks. I'd be happy to step into this working group.
On Mon, May 1, 2023 at 12:34 PM Gus Heck wrote:
> Awesome, glad to have you Jason, I in the end feel the same way about my
> spot. Mostly I qualify as "concerned citizen", possibly with "who thought
> about it some and has ideas" added.
Awesome, glad to have you Jason, I in the end feel the same way about my
spot. Mostly I qualify as "concerned citizen", possibly with "who thought
about it some and has ideas" added. If we get more than 5 volunteers we can
start comparing credentials.
On Mon, May 1, 2023 at 1:17 PM Jason
Hi Gus,
I think this is a great idea.
I don't have much security background that'd make me a particularly
good fit, but absent someone with that background stepping up, I'm
willing to volunteer for one of the spots. (I'd be more than happy to
bow out if better qualified folks come along.)
Pretty sleepy thread so far; apparently nobody else is interested in
talking about Solr security -- LOL ;-)
~ David Smiley
Apache Lucene/Solr Search Developer
http://www.linkedin.com/in/davidwsmiley
On Wed, Apr 26, 2023 at 8:25 AM Gus Heck wrote:
> Thanks David. It would be great to have you
Thanks David. It would be great to have you if you can find time for it. As
far as time commitment goes, I think it should become minimal after a while
unless we have a flood of security reports to respond to. For a little
while after initial organization, I think the members will want to put a
This is a thoughtful organization attempt and needed, I think. Thanks Gus!
I want to see if I could get a security specialist/engineer where I work to
help us with this. I'm tempted to say I'm joining this thing but I'm weary
of dedicating time per week.
~ David Smiley
Apache Lucene/Solr
*Rationale*
Over the course of the last decade the way software security is viewed has
changed. Solr has changed significantly over this time too and we have
gained some important security features and fixed a variety of
vulnerabilities. However, I think as a project we have not really developed
17 matches
Mail list logo
