Hello everyone,
This email is a continuation of https://groups.google.com/g/jenkinsci-dev/c/8cy8w7ZqyB8/m/eZfaenQzEAAJ. The "CERT" (= Security team) has access to some confidential information like not-yet-disclosed vulnerabilities, which fixes are in progress, internal discussions about problems to solve, etc. Several members of this team have been inactive for a long time, some of them multiple years. Those unused permissions are a risk to the project, due to phishing campaigns or accidental screen sharing for examples. During my search I differentiated the people working on a particular plugin fix and the ones that are actively contributing to the security globally. Nothing changed for plugin maintainers who will still receive specific access to their own scope. The impact is on permissions in GitHub, in Jira and the [email protected], where some had access to one but not the other. Thanks everyone for your past contributions, and you’re of course welcome back any time :) For transparency and future reference, here is the list of people who are at least partially affected: - Beatriz Muñoz - Jeff Thompson - Kohsuke Kawaguchi - Oleg Nenashev - Olivier Vernin - Matt Sicker - R. Tyler Croy - Raúl Arabaolaza Barquin Best regards, Wadeck Follonier Security officer -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/56090ebe-de00-4c3b-876f-c6858e8b46e9n%40googlegroups.com.
