Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Andrej Kacian
On Sun, 10 Jul 2005 09:57:44 +0100 Stuart Herbert <[EMAIL PROTECTED]> wrote:
> It'd perhaps make sense to extend the DTD for metadata.xml, so that the
> tag has 'type' and 'organisation' attributes. This would
> allow tools to tell the difference between an entry for a Gentoo
> maintainer, and a

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Stuart Herbert
On Fri, 2005-07-08 at 12:58 +0200, Martin Schlemmer wrote:
> Stupid question .. why does webapps.eclass have SLOT=${PVR} ?
If you're running a hosting server, and have many customers using the same app, it may not be practical to bump them all at the same time.
* They may have different busy per

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Stuart Herbert
Hi,
On Wed, 2005-07-06 at 20:10 +0200, Radoslaw Stachowiak wrote:
> On 7/5/05, Stuart Herbert <[EMAIL PROTECTED]> wrote:
> > I'd like to introduce the following security policy for web-based apps.
>
> Why only web-based apps? What about other tools and apps exposed to the
> network?
That's for

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Stuart Herbert
On Wed, 2005-07-06 at 00:30 +0200, Marius Mauch wrote:
> Hmm, what's the criteria to decide if something falls under this policy
> or not? Package category, maintainership, dependency on webserver, ...?
>
> Marius
The only criteria I can suggest is that any package which is maintained by the web-

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Stuart Herbert
On Tue, 2005-07-05 at 23:12 +0100, David Morgan wrote:
> > > 1. The Gentoo package's maintainer will identify one *named* contact
> > >    UPSTREAM for security-related matters, and one named general contact
> > >    UPSTREAM (as a fallback for when the security contact is
> > >    unreachable).
>

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Stuart Herbert
On Tue, 2005-07-05 at 17:52 -0400, Alec Warner wrote:
> > 3. This information will be checked every three months to ensure it
> >    remains valid.
>
> Are you volunteering to do 3? If not, who will?
I'm proposing that 3. is the responsibility of the webapps herd Strategic and Operational Leads

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-10 Thread Stuart Herbert
On Tue, 2005-07-05 at 15:40 -0500, Lance Albertson wrote:
> Yeah, having it in metadata.xml would make more sense.
We can do that. It'd perhaps make sense to extend the DTD for metadata.xml, so that the tag has 'type' and 'organisation' attributes. This would allow tools to tell the differenc
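A checker for the metadata.xml extension proposed in the message above, as an added example that is not part of the thread and not code from any Gentoo tool. It assumes the tag being extended is <maintainer> (the tag name is missing from the archived text), that 'type' distinguishes a "gentoo" entry from an "upstream" one, that 'organisation' names the upstream project, and it adds a 'role' attribute ("security" or "general") that the mails do not mention, so that the two upstream contacts asked for in policy point 1 can be told apart. Both sample metadata.xml documents are constructed for the example.

```python
"""Check a package's metadata.xml for the upstream contacts the proposed
policy asks for.  Added example, not code from the gentoo-dev thread or
from any Gentoo tool.

Assumptions (not in the original mails): the extended tag is <maintainer>;
type="gentoo" marks a Gentoo maintainer and type="upstream" an upstream
contact; organisation="..." names the upstream project; and an extra
role="security"|"general" attribute (assumed here) tells the two upstream
contacts apart.
"""
import xml.etree.ElementTree as ET

# Constructed sample: satisfies policy point 1 (named security contact
# plus a named general fallback, both upstream).
SAMPLE_OK = """<pkgmetadata>
  <herd>web-apps</herd>
  <maintainer type="gentoo">
    <email>dev@gentoo.org</email>
  </maintainer>
  <maintainer type="upstream" organisation="Example Webapp" role="security">
    <name>Alice Example</name>
    <email>security@example.org</email>
  </maintainer>
  <maintainer type="upstream" organisation="Example Webapp" role="general">
    <name>Bob Example</name>
    <email>bob@example.org</email>
  </maintainer>
</pkgmetadata>
"""

# Constructed sample: only a Gentoo maintainer and an unnamed upstream
# general contact; no upstream security contact at all.
SAMPLE_BAD = """<pkgmetadata>
  <maintainer type="gentoo">
    <email>dev@gentoo.org</email>
  </maintainer>
  <maintainer type="upstream" organisation="Example Webapp">
    <email>info@example.org</email>
  </maintainer>
</pkgmetadata>
"""


def _child_text(elem, tag):
    child = elem.find(tag)
    return (child.text or "").strip() if child is not None else ""


def upstream_contacts(xml_text):
    """Map role -> list of (name, email, organisation) for upstream entries.

    Entries without the assumed 'role' attribute count as general contacts;
    type="gentoo" entries are skipped, which is exactly the distinction the
    'type' attribute is meant to give tools.
    """
    root = ET.fromstring(xml_text)
    contacts = {}
    for m in root.iter("maintainer"):
        if m.get("type") != "upstream":
            continue
        role = m.get("role", "general")
        contacts.setdefault(role, []).append(
            (_child_text(m, "name"), _child_text(m, "email"), m.get("organisation", ""))
        )
    return contacts


def check_policy(xml_text):
    """Return findings against policy point 1; an empty list means compliant."""
    findings = []
    contacts = upstream_contacts(xml_text)
    for role in ("security", "general"):
        entries = contacts.get(role, [])
        if not entries:
            findings.append(f"no upstream {role} contact")
            continue
        for name, email, org in entries:
            if not name:  # the policy asks for a *named* contact
                findings.append(f"upstream {role} contact is not named")
            if "@" not in email:
                findings.append(f"upstream {role} contact has no email address")
            if not org:
                findings.append(f"upstream {role} contact has no organisation")
    # A fallback is only a fallback if it is a different person; this flags
    # the one-person-upstream case raised in the thread without deciding it.
    sec = {e for _, e, _ in contacts.get("security", [])}
    gen = {e for _, e, _ in contacts.get("general", [])}
    if sec and gen and sec == gen:
        findings.append("general contact is the same address as the security contact")
    return findings


if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_policy(doc) or "policy satisfied")
```

Run over a tree, this is the kind of check the three-monthly review in policy point 3 could start from: a package whose metadata.xml yields any finding is the one to chase, and the 'type' attribute keeps the Gentoo maintainer entries out of the way.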

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-08 Thread Martin Schlemmer
On Fri, 2005-07-08 at 11:58 +0200, Diego 'Flameeyes' Pettenò wrote:
> On Wednesday 06 July 2005 20:10, Radoslaw Stachowiak wrote:
> > Why only web-based apps? What about other tools and apps exposed to the
> > network?
> Webapps are simpler to install to base users, they are generally just an
> "ex

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-08 Thread Diego 'Flameeyes' Pettenò
On Wednesday 06 July 2005 20:10, Radoslaw Stachowiak wrote:
> Why only web-based apps? What about other tools and apps exposed to the
> network?
Webapps are simpler to install to base users, they are generally just an "extract, change perms, execute php stuff". Other stuff is quite more difficult,

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-08 Thread Aaron Walker
Stuart Herbert wrote:
> Thoughts, comments, other (constructive) feedback?
>
> Best regards,
> Stu
Sorry for my delayed response. Just now getting caught up on my mail from the last week. I'm definitely in favor of something like this. Btw, I a

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-06 Thread Radoslaw Stachowiak
On 7/5/05, Stuart Herbert <[EMAIL PROTECTED]> wrote:
> I'd like to introduce the following security policy for web-based apps.
Why only web-based apps? What about other tools and apps exposed to the network?
--
radoslaw.
--
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread Marius Mauch
On Tue, 05 Jul 2005 21:21:35 +0100 Stuart Herbert <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'd like to introduce the following security policy for web-based
> apps. If there are no objections, every new web-based app will have
> to conform to the policy before it can be added to the tree. Every
> ex

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread Renat Lumpau
On Tue, Jul 05, 2005 at 05:52:47PM -0400, Alec Warner wrote:
> > 3. This information will be checked every three months to ensure it
> >    remains valid.
>
> Are you volunteering to do 3? If not, who will?
I'll help.
--
Renat Lumpau
Gentoo developer
GPG key id #C6A838DA on http://pgp.mit.edu

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread David Morgan
> > 1. The Gentoo package's maintainer will identify one *named* contact
> >    UPSTREAM for security-related matters, and one named general contact
> >    UPSTREAM (as a fallback for when the security contact is
> >    unreachable).
And what happens if upstream is only one person?
--
djm
--

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread Alec Warner
Stuart Herbert wrote:
> Hi,
>
>
> 1. The Gentoo package's maintainer will identify one *named* contact
>    UPSTREAM for security-related matters, and one named general contact
>    UPSTREAM (as a fallback for when the security contact is
>    unrea

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread Lance Albertson
Mike Frysinger wrote:
> On Tuesday 05 July 2005 04:21 pm, Stuart Herbert wrote:
>
>>1. The Gentoo package's maintainer will identify one *named* contact
>> UPSTREAM for security-related matters, and one named general contact
>> UPSTREAM (as a fallback for when the security contact is
>> unre

Re: [gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread Mike Frysinger
On Tuesday 05 July 2005 04:21 pm, Stuart Herbert wrote:
> 1. The Gentoo package's maintainer will identify one *named* contact
>    UPSTREAM for security-related matters, and one named general contact
>    UPSTREAM (as a fallback for when the security contact is
>    unreachable).
> 2. This informa

[gentoo-dev] Proposed security policy for web-based apps

2005-07-05 Thread Stuart Herbert
Hi,

I'd like to introduce the following security policy for web-based apps. If there are no objections, every new web-based app will have to conform to the policy before it can be added to the tree. Every existing web-based app will have to conform to the policy by the end of August, or I will re