
FOR DISCUSSION: a proposal to add Project's Security Team

@@ -268,6 +268,21 @@ Projects are required to make a Project plan available to their community at the
Project Plans must be delivered to the community through communication channels approved by the EMO. The exact nature of the Project plan varies depending on numerous variables, including the size and expectations of the communities, and requirements specified by the PMC.
[#4_11_Projects_Security_Team]
=== 4.11 Project's Security Team
Projects must engage in timely resolution of security issues as described in the {securityPolicyUrl}[Eclipse Foundation Security Policy].
Developers who have access to vulnerability reports and information on security incidents related to the Project form the Project's Security Team. By default, all Committers belong to tha group. A given Project might only have one Project's Security Team.
Any Committer may propose a creation of a separate Project's Security Team to the PMC. If the PMC approves the proposal, all Committers vote on the proposal. The creation of a separate Project's Security Team requires consensus with no objections (only +1 or abstentions, no -1 votes). The same rule applies to the closing of a separate Project's Security Team.
Members of the Project's Security team are voted in by all Committers using the same rules as for election of Committers with exceptions specified in this section.
The Project's Security Team must consist of at least two persons; at least one of them must be a Committer in the Project. A representative from the PMC of the project is recommended. The Project is free to elect non-Committers to the Project's Security Team, given that they have relevant security experience. The Project's PMC might decide on additional rules for the composition of the Project's Security Team.
The members of Project's Security Team must keep strict confidentiality of issues before they are resolved and released publicly. For resolution of a particular issue, they might bring in additional Committers or Contributors, or additional domain experts. Those contributors must adhere to the same confidentiality guidelines.
[#5_Reserved]
== 5. [Reserved]
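Review bot: the default-membership sentence in the added section 4.11 has a typo ("all Committers belong to tha group" should read "that group"), and the same paragraph leaves the relationship between the default team and a "separate" team unclear: it says a Project might only have one Project's Security Team, while the next paragraph describes creating a "separate" one, so the text should state explicitly that an approved separate team replaces the default all-Committers team rather than coexisting with it. Two further gaps in the hunk: the section allows non-Committers to be elected to the team but only says members "must keep strict confidentiality", without naming what agreement binds a non-Committer member (the Committer Agreement would not apply to them); and it specifies how a team is created and closed and how members are elected, but gives no rule for removing a member. Minor wording: "propose a creation of" should be "propose the creation of".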