FOR DISCUSSION: a proposal to add Project's Security Team
The Project's Security Team is elected by Committers and takes care of handling confidential security issues of the Project. By default all Committers are in the Security Team.
Signed-off-by: Marta Rybczynska marta.rybczynska@eclipse-foundation.org
Merge request reports
Activity
mentioned in issue eclipsefdn/helpdesk#1709
added 1 commit
- 50f9b7c5 - development_process: a proposal to add Project's Security Team
Related to #10
@wbeaton could you review this one please?
mentioned in issue #18
- Resolved by Marta Rybczynska
As part of this, we need to give the role a name. Security Team refers to the entire team. We can refer to an individual as Committer or Project Lead. What do we call a member of the Security Team? Security Team Member feels a bit dull, but it's accurate and probably about as concise as we can hope.
- Last reply by Marta Rybczynska
FYI... as an open source project, the Eclipse Vhant project committers have the same leeway that we grant any other project to make whatever changes they deem necessary to the project repository.
The Eclipse Vhant project's main goal, however, is to have releases adopted as versions of the EDP which -- per the Bylaws of the Eclipse Foundation -- requires approval first from the Eclipse Architecture Council and finally from the Eclipse Foundation Board of Directors. To that end, decisions regarding what gets added or changed are made in consideration of those two constituencies.
We have to assume that anything that we add or change will have to be defended, so we may need additional information in that regard.
The usual practice is update the EDP no more frequently than once a year. When this merge request is ready, we will bring it to the AC for their review and comment. Other updates will be processed in similar fashion and the aggregate will be brought to the BoD for their approval. This is to say that this may take a little while to complete, so please be patient.
added 1 commit
- fb47e7bc - development_process: a proposal to add Project's Security Team
A new version pushed with your comments taken into account @wbeaton
@wbeaton how to we progress from here? What do we need in addition to prepare a redline?
/cc @mbarbero
The usual practice is update the EDP no more frequently than once a year. When this merge request is ready, we will bring it to the AC for their review and comment. Other updates will be processed in similar fashion and the aggregate will be brought to the BoD for their approval. This is to say that this may take a little while to complete, so please be patient.
Does this mean that we won't be able to propose this to BoD's meeting in June?
