On Wed, Aug 7, 2019 at 5:23 AM Mark Cox <m...@apache.org> wrote: > > Hi all! > > Many of our projects struggle with the format of creating Mitre CVEs and > various text representations of vulnerabilities needed for public mailing > lists as per our security policy. > > But, one of the CVE automation working group members has been working on a > nice javascript tool that simplifies all this (https://vulnogram.github.io/), > and I'm working with it and him on making it so we can do an easy > customisation to guide ASF projects through the process. > > The tool runs standalone just static content once built (it may pull from > /public jsons too) so I'd really just need somewhere I can commit to that > appears under whimsy. In the future the tool may even be able to submit > direct to Mitre so it'd make sense to start it with requiring /committer/ > access to run it. > > So this could be as simple as agreeing a location and allowing me to update > things there?
Access control is whimsy is controlled by the following: https://github.com/apache/infrastructure-puppet/blob/c78e76b9ec292a7e5c3634d632ce396eb346d139/data/nodes/whimsy-vm4.apache.org.yaml#L135 What this means is that anything in the /committers/ directory can only be accessed by someone who is an ASF committer. For completeness, another possible home for this tool would be comdev. There is no precise division of labor between the two groups, so wherever you think is the best fit could be made to work. If you chose Whimsy, start with a pull request, and commit access is likely to follow shortly thereafter. The place in the source tree where artifacts that are served under the /committers/ directory can be found here: https://github.com/apache/whimsy/tree/master/www/committers > Mark - Sam Ruby
