Define and implement the concept of a security team for projects
To handle vulnerabilities behind closed doors, we will need to grant access to some (private) resources to a subset of committers. To handle this concept of a project's security team, we need to:
- Define the concept (a new project role) and election process
- Implement its support in PMI and infra (Foundation DB). I guess that this could be an additive role to projects, and certain committers could have it.
This new role will have to be taken into account in the GitHub and GitLab sync tools.
I would like to take this opportunity to also request the creation of LDAP groups for each role. Currently, we have 1 single group per project, which is assigned to all committers. It would be great to have 1 group per role (committer, project leads, security...).