Security-wg: Who has access to triage and report on the ecosystem program in H1?

Created on 2 Jul 2019 · 7 Comments · Source: nodejs/security-wg

I can't check, because I myself don't currently have access anymore, which I think is an oversight; perhaps I lost access when I gained access to the Node.js program?

But besides getting access myself, it's not completely clear to me who _does_ have access. Does every member of the security-wg have access, as a side-effect of joining the WG? If not, perhaps the top-level README should more clearly describe who does and does not have access to unpublicized vulnerability reports?

I would like to think anybody who wants to help maintain the public github repo, and get involved in discussions and WG meetings, etc, would be welcome to join and help out, even without enough history to be given full access to H1.

All 7 comments

I think @vdeturckheim and @lirantal are program admins and can check who has access. I do not have enough privileges on H1, but I think running an occasional audit of who-actually-has-access vs who-is-mentioned-in-README might not be a bad thing.

Currently admins are:

  • vdeturckheim
  • reed (H1)
  • cjihrig
  • lirantal
  • greentea (H1)

octetcloud is on pending invitation since June 21st, 2019 08:37 PM

@vdeturckheim I missed that invite, I can't find it in my mailbox. I also can't find it on H1, but I'd think there would be somewhere for me to find and accept it. @reedloden Is there? Or does @vdeturckheim have to reinvite me? (Sorry)

OK, I have access.

> I would like to think anybody who wants to help maintain the public github repo, and get involved in discussions and WG meetings, etc, would be welcome to join and help out, even without enough history to be given full access to H1.

@sam-github about this one, I think we've learned that triaging vulns isn't that straightforward and has real impact on the ecosystem, so I would be inclined to just have people randomly involved on H1.

@lirantal I suspect you are agreeing with me here, https://github.com/nodejs/security-wg/issues/551#issuecomment-508220138, but I'm not sure. Did you mean "NOT" randomly involved?

@sam-github correct, sorry for being confusing.
