Re: Upgrading Guix's security team

Am 16.11.23 um 15:22 schrieb Ludovic Courtès: We could distinguish security issues in packages provided by Guix from security issues in Guix itself. Maybe its also a good idea to add a security.txt to the website? https://en.wikipedia.org/wiki/Security.txt "is meant to allow security research

Re: Upgrading Guix's security team

Hello! Tobias Geerinckx-Rice skribis: > Great, I was waiting for someone to reply so's to glom on and ask to be > included in the same commit to minimise noise. Could you take care of updating the security web page? Ludo’.

Re: Upgrading Guix's security team

Hi, On mer., 22 nov. 2023 at 19:16, Ludovic Courtès wrote: > Leo, Tobias, and John: What would be a good end-of-term date for each > one of you? As I see it, it wouldn’t mean you cannot do an additional > term but rather that you’ll have an opportunity to leave and that you’ll > do your best to

Re: Upgrading Guix's security team

Hi Ludo’ and everyone else, On Wed, Nov 22, 2023 at 07:16 PM, Ludovic Courtès wrote: > Hello, > > Efraim Flashner skribis: > >> On Fri, Nov 17, 2023 at 11:31:41PM -0500, Maxim Cournoyer wrote: > > [...] > >>> > If maintainers agree (Cc’d), I invite you to add your name and a >>> > termination da

Re: Upgrading Guix's security team

Great, I was waiting for someone to reply so's to glom on and ask to be included in the same commit to minimise noise. So, there. Kind regards, T G-R Sent on the go. Excuse or enjoy my brevity.

Re: Upgrading Guix's security team

On Wed, Nov 22, 2023 at 07:16:21PM +0100, Ludovic Courtès wrote: > Leo, Tobias, and John: What would be a good end-of-term date for each > one of you? As I see it, it wouldn’t mean you cannot do an additional > term but rather that you’ll have an opportunity to leave and that you’ll > do your best

Re: Upgrading Guix's security team

Hello, Efraim Flashner skribis: > On Fri, Nov 17, 2023 at 11:31:41PM -0500, Maxim Cournoyer wrote: [...] >> > If maintainers agree (Cc’d), I invite you to add your name and a >> > termination date to the security page, remove my name, and subscribe to >> > guix-security. We should add a term

Re: Upgrading Guix's security team

On Fri, Nov 17, 2023 at 11:31:41PM -0500, Maxim Cournoyer wrote: > Hi, > > Ludovic Courtès writes: > > [...] > > > Yes, we definitely need a rotation here! I for one have my name there > > but regardless of my interest, I have to admit that I’ve been unable to > > be sufficiently responsive.

Re: Upgrading Guix's security team

Hi, Ludovic Courtès writes: [...] > Yes, we definitely need a rotation here! I for one have my name there > but regardless of my interest, I have to admit that I’ve been unable to > be sufficiently responsive. It’s time to let new folks take > responsibility. > > I think we should make this a

Re: Upgrading Guix's security team

Hello, Am Thu, Nov 16, 2023 at 03:22:42PM +0100 schrieb Ludovic Courtès: > Yes, we definitely need a rotation here! I for one have my name there > but regardless of my interest, I have to admit that I’ve been unable to > be sufficiently responsive. It’s time to let new folks take > responsibilit

Re: Upgrading Guix's security team

Hi John, Looks like this message was left unanswered for more than a month, which proves you have a point! John Kehayias skribis: > - current security email/people can be found here, which is nicely > visible yet probably in need of a > hand and new faces for

Upgrading Guix's security team

Hi Guixers! In light of the several high profile CVEs this month, which were/are being handled and more coming (curl joins the chat) some of us were discussing improving and systematizing our security team and responses. My thanks to Tobias for quick review to help finalize the XOrg CVE grafts,