Add new security team field in PMI and synchronize with our sync script
We need to add the ability to define the members of the Project Security Team in PMI, similar to how contributors are defined. Below are the requirements:
@epoirier
PROJECTS.ECLIPSE.ORG
- Only project leads can add, remove, and edit these fields
- Allow projects to include existing groups in the security team. I suggest adding a checkbox for each of the following groups that the project can decide to include: committers, collaborators and project leads
- Implementation details: I am thinking this should be a paragraph field with a user reference field and checkboxes.
- When this new field is added to PMI, make sure that the committers checkbox is enabled by default
- Add a field description to inform editors how this new field group works. For example, a user will be removed from the security team if they are removed from the list and are not part of any groups included in the security team.
- Expose this information on our Project API
@malowe @zacharysabourin
Sync Script (eclipsefdn-vc-tools) Implementation in GitHub
- This group will translate into the creation of a new team in the project’s GitHub organisation
- Expected team name: tlp-project-security, e.g. technology-csi-security
@malowe @zacharysabourin
Sync Script (eclipsefdn-vc-tools) Implementation in GitLab
- Projects hosted at gitlab.eclipse.org can have a dedicated (no code) GitLab project for vulnerability reporting (e.g., https://gitlab.eclipse.org/security/oniro-core). The Project Security Team group will be granted membership to the security GitLab project
- Expected project handle is “project-short-name” and display name is “<project-name> Security”
- This GitLab security project is never created automatically
- The project security team is granted access to the GitLab security project if a GitLab group is specified in PMI for the Eclipse Project and the GitLab security project exists.
/cc @mbarbero Let me know if I am missing anything or wish to change any of these requirements before we start working on this.
@epoirier @malowe @zacharysabourin - Please let us know if you have any questions!
Edited by Christopher Guindon
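The membership and sync rules listed in this issue, as an added JavaScript example that is not part of the original issue or of eclipsefdn-vc-tools. The record shape (`security_team.members`, `security_team.include`, `gitlab_group`, `short_name`), the function names, the dotted project id and the `security/<handle>` path are assumptions made for illustration.

```javascript
// Added example, not eclipsefdn-vc-tools code; all field and function names are hypothetical.
const GROUPS = ['committers', 'collaborators', 'project_leads'];

// Effective team = explicitly listed users + members of every included group.
function resolveSecurityTeam(project) {
  const st = project.security_team || {};
  // Requirement: the committers checkbox is enabled by default.
  const include = { committers: true, ...(st.include || {}) };
  const members = new Set(st.members || []);
  for (const g of GROUPS) {
    if (include[g]) for (const u of project[g] || []) members.add(u);
  }
  return [...members].sort();
}

// "tlp-project-security": assumes a dotted project id such as "technology.csi".
function githubTeamName(projectId) {
  return `${projectId.replace(/\./g, '-')}-security`;
}

// Diff the desired team against the current GitHub team membership.
function planGithubSync(project, currentMembers) {
  const desired = new Set(resolveSecurityTeam(project));
  const current = new Set(currentMembers);
  return {
    team: githubTeamName(project.project_id),
    add: [...desired].filter((u) => !current.has(u)).sort(),
    remove: [...current].filter((u) => !desired.has(u)).sort(),
  };
}

// GitLab: grant access only when PMI names a GitLab group AND the security
// project already exists; the sync never creates the security project.
function planGitlabSync(project, existingSecurityProjects) {
  const handle = project.short_name;
  if (!project.gitlab_group || !existingSecurityProjects.includes(handle)) {
    return { grant: false, create: false, members: [] };
  }
  return { grant: true, create: false, path: `security/${handle}`, members: resolveSecurityTeam(project) };
}

// Constructed sample record (not real PMI data).
const sample = {
  project_id: 'technology.csi', short_name: 'csi', gitlab_group: null,
  committers: ['alice', 'bob'], collaborators: ['carol'], project_leads: ['alice'],
  security_team: { members: ['dave'], include: { project_leads: true } },
};
console.log(planGithubSync(sample, ['bob', 'carol', 'erin']));
```

A user dropped from `members` stays on the team while any included group still contains them, which is the removal rule the field description is meant to explain.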