[ZF] Need volunteers to work on security issues
steve at canonical.com
Mon Aug 7 15:03:12 EDT 2006
> Occasionally, we discover a security issue in Zope that needs to be
> addressed in a timely manner. There is a too-small informal cadre of
> volunteers who work on security issues. We need more people
> involved in this to help get this work done and to give us enough
> resources to make sure it gets done well, for example, with tests.
> For obvious reasons,
> this needs to be a trusted group of people, who are well known within
> the community. Also, I'd like to formalize this a bit by creating
> an identified group of people on a mailing list, so that there is no
> question of who to send issues to. Alternatively, I suppose we could
> use the collectors as the supporters would see security issues. I'm
> not sure that collectors have worked all that well for security
> issues in the past.
I would invite Zope to use Launchpad to track bugs. Launchpad has a
concept of "security contacts", which can be teams of people, who are
notified about security-related bugs. Some other features are listed in
> Finally, I think it would be good to get some representation from
> some of the major Zope projects so that representatives can analyze
> and respond to the impact on their projects.
I know that Martin Pitt, who works on security updates for Ubuntu, is
interested in this role as it relates to the Ubuntu Linux distribution.