June 23 from 1:00 PM-2:00 PM EST
https://join.skype.com/uohKGgCNMBSG
http://doodle.com/poll/by5vusagpf7ekb4y complete
Introductions: Who are you and why did you join this group?
Terms of reference
The name of the interest group.
- ISIG
The overall purpose of the interest group.
- Respond to Security Alert Tickets in Durspace https://jira.duraspace.org/projects/ISLANDORA/
- @manez Is checking with Duraspace to aquire a special user group to allow tickets assigned to the security group initially be only viewable to this group
Any specific directives defining goals and tasks.
- Response team has to Agree to be used at a moment's notice
- The interest group is to meet to discuss policies and proceedures for security response team
- Some interest was expressed to have this as both a policy/proceedure group as well as the response team. This could require the response team to be familiar with topics over time that this interest group found essential to monitor.
- Some participants noted that the expectation of discussing all known documented vulnerabilities of the the Islandora stack isn't the point of the interest group and would take up entirely too much time.
The interest group’s methods of operation.
- Email Melissa to be added to the response team
- Maintainer is informed of security issue after patch is ready
- This may be an issue not completely explored fully about how long it would take the maintainer to test and merge the pull request.
- Once patch is released the ticket is set to public
- Possibly needs more discussion!
The reporting structure and mechanism, including time and method of reporting.
- Alert Committers Group first if no response within 24 hours alert Roadmap Group
- Upload Notes on meetings but NOT on known security issues in Github
- Page on Islandora.ca on how to report an issue
Links for scheduling discussions
Links to questions: https://goo.gl/dnpsqM
Next steps: How do we move this forward?
- Make up team of responder
- Request a new User group for Duraspace (@manez)
June 30 from 3:15 PM-4:15 PM EST
Don Richards (chair)
2nd Chair Needed (chair)
-
No group was constructed. Several people on this called wanted to talk with the Committers first to see if any were interested.
-
Mozilla Reports to a private mailing list. This was suggested as an option.
-
Respond to Security Alert Tickets in Durspace https://jira.duraspace.org/projects/ISLANDORA/
-
@manez Is checking with Duraspace to aquire a special user group to allow tickets assigned to the security group initially be only viewable to this group
-
Email Melissa to be added to the response team
-
Once patch is released the ticket is set to public
- Possibly needs more discussion!
-
Maintainer is informed of security issue after patch is ready
- This may be an issue not completely discussed fully about how long it would take the maintainer to test and merge the pull request.
-
Response team has to Agree to be used at a moment's notice
-
The interest group is to meet to discuss policies and proceedures for security response team
- Some interest was expressed to have this as both a policy/proceedure group as well as the response team. This could require the response team to be familiar with topics over time that this interest group found essential to monitor.
- Some participants noted that the expectation of discussing all known documented vulnerabilities of the Islandora stack isn't the point of the interest group and would take up entirely too much time.
-
Once patch is released the ticket is set to public
-
How do we make a team of responders?
- Only take in those with security knownledge
- How do we determine this?
- Not Sure
- How do we determine this?
- Only take in those with security knownledge