Date   

Re: Introducing David Jorm, security response process expert

David Jorm <david.jorm@...>
 

Sorry for the late notice, but I've had some meetings scheduled early tomorrow morning my time, so won't be able to make it today. It would be great if the TSC could take a look through the process I've drafted, and we can discuss it in more detail during the next meeting.

Thank
David

On Thu, May 19, 2016 at 9:19 AM, David Jorm <david.jorm@...> wrote:
I can attend, but it would be good if we could make this the first agenda item.

Thanks
David

On Thu, May 19, 2016 at 5:19 AM, Edward Warnicke <hagbard@...> wrote:
David,

Thank you for the work, I will add it to the TSC agenda for tomorrow.  Will you be able to attend to discuss it (8am PST)?  If so, do you have any constraints on your time that would influence when in the agenda we cover it (needing to leave before the end of the meeting for example)?

Ed

On Wed, May 18, 2016 at 1:20 AM, David Jorm <david.jorm@...> wrote:
Hi All

I have now drafted an initial process for review, as discussed:

https://wiki.fd.io/view/TSC:Vulnerability_Management

This process is based on the one I developed for OpenDaylight, but has been simplified to suit fd.io. I think the next steps are to send out a call for participation on the security team, form that team to review and approve the process, then turn our attention to implementation. Here is some text for the call for participation, which I think should come from a more established member of the community rather than from me:

-begin-
As fd.io grows and matures, we realize it is important to establish a vulnerability management process and a security team to define and execute it. We're looking for a small group of security-minded people who can form this team. Responsibilities will include:

* Reading and triaging incoming reports of security issues
* Producing patches for security issues as a top priority
* Maintaining confidentiality of security issues until they are patched and publicly disclosed
* Writing advisories to communicate information about security issues and patches to the community

We have David Jorm, an experienced security engineer, onboard to lead the team and define the process, so don't worry if you aren't a security expert. Anyone who is an active fd.io developer or other contributor would be welcome to join the team. If you are interested, please let the TSC know.
-end-

Thanks
David

On Mon, Apr 25, 2016 at 9:29 PM, Edward Warnicke <hagbard@...> wrote:
In keeping with my action item from the last TSC meeting, please meet David Jorm,
the security response process expert who helped OpenDaylight in formulating their
process.  He will be joining us at our next TSC meeting to assist us in formulating the 
fd.io Security Response Process.

Many thanks to David, for stepping up again to help :)

Ed





i like it

bensons@...
 

Hey, This it what you like, you just have to take a look! Info here http://ntybengeri.tftinc.net/attraction.php

 

All the best, bensons@...


Re: Introducing David Jorm, security response process expert

David Jorm <david.jorm@...>
 

I can attend, but it would be good if we could make this the first agenda item.

Thanks
David

On Thu, May 19, 2016 at 5:19 AM, Edward Warnicke <hagbard@...> wrote:
David,

Thank you for the work, I will add it to the TSC agenda for tomorrow.  Will you be able to attend to discuss it (8am PST)?  If so, do you have any constraints on your time that would influence when in the agenda we cover it (needing to leave before the end of the meeting for example)?

Ed

On Wed, May 18, 2016 at 1:20 AM, David Jorm <david.jorm@...> wrote:
Hi All

I have now drafted an initial process for review, as discussed:

https://wiki.fd.io/view/TSC:Vulnerability_Management

This process is based on the one I developed for OpenDaylight, but has been simplified to suit fd.io. I think the next steps are to send out a call for participation on the security team, form that team to review and approve the process, then turn our attention to implementation. Here is some text for the call for participation, which I think should come from a more established member of the community rather than from me:

-begin-
As fd.io grows and matures, we realize it is important to establish a vulnerability management process and a security team to define and execute it. We're looking for a small group of security-minded people who can form this team. Responsibilities will include:

* Reading and triaging incoming reports of security issues
* Producing patches for security issues as a top priority
* Maintaining confidentiality of security issues until they are patched and publicly disclosed
* Writing advisories to communicate information about security issues and patches to the community

We have David Jorm, an experienced security engineer, onboard to lead the team and define the process, so don't worry if you aren't a security expert. Anyone who is an active fd.io developer or other contributor would be welcome to join the team. If you are interested, please let the TSC know.
-end-

Thanks
David

On Mon, Apr 25, 2016 at 9:29 PM, Edward Warnicke <hagbard@...> wrote:
In keeping with my action item from the last TSC meeting, please meet David Jorm,
the security response process expert who helped OpenDaylight in formulating their
process.  He will be joining us at our next TSC meeting to assist us in formulating the 
fd.io Security Response Process.

Many thanks to David, for stepping up again to help :)

Ed




Re: Introducing David Jorm, security response process expert

Edward Warnicke
 

David,

Thank you for the work, I will add it to the TSC agenda for tomorrow.  Will you be able to attend to discuss it (8am PST)?  If so, do you have any constraints on your time that would influence when in the agenda we cover it (needing to leave before the end of the meeting for example)?

Ed

On Wed, May 18, 2016 at 1:20 AM, David Jorm <david.jorm@...> wrote:
Hi All

I have now drafted an initial process for review, as discussed:

https://wiki.fd.io/view/TSC:Vulnerability_Management

This process is based on the one I developed for OpenDaylight, but has been simplified to suit fd.io. I think the next steps are to send out a call for participation on the security team, form that team to review and approve the process, then turn our attention to implementation. Here is some text for the call for participation, which I think should come from a more established member of the community rather than from me:

-begin-
As fd.io grows and matures, we realize it is important to establish a vulnerability management process and a security team to define and execute it. We're looking for a small group of security-minded people who can form this team. Responsibilities will include:

* Reading and triaging incoming reports of security issues
* Producing patches for security issues as a top priority
* Maintaining confidentiality of security issues until they are patched and publicly disclosed
* Writing advisories to communicate information about security issues and patches to the community

We have David Jorm, an experienced security engineer, onboard to lead the team and define the process, so don't worry if you aren't a security expert. Anyone who is an active fd.io developer or other contributor would be welcome to join the team. If you are interested, please let the TSC know.
-end-

Thanks
David

On Mon, Apr 25, 2016 at 9:29 PM, Edward Warnicke <hagbard@...> wrote:
In keeping with my action item from the last TSC meeting, please meet David Jorm,
the security response process expert who helped OpenDaylight in formulating their
process.  He will be joining us at our next TSC meeting to assist us in formulating the 
fd.io Security Response Process.

Many thanks to David, for stepping up again to help :)

Ed



Re: Introducing David Jorm, security response process expert

David Jorm <david.jorm@...>
 

Hi All

I have now drafted an initial process for review, as discussed:

https://wiki.fd.io/view/TSC:Vulnerability_Management

This process is based on the one I developed for OpenDaylight, but has been simplified to suit fd.io. I think the next steps are to send out a call for participation on the security team, form that team to review and approve the process, then turn our attention to implementation. Here is some text for the call for participation, which I think should come from a more established member of the community rather than from me:

-begin-
As fd.io grows and matures, we realize it is important to establish a vulnerability management process and a security team to define and execute it. We're looking for a small group of security-minded people who can form this team. Responsibilities will include:

* Reading and triaging incoming reports of security issues
* Producing patches for security issues as a top priority
* Maintaining confidentiality of security issues until they are patched and publicly disclosed
* Writing advisories to communicate information about security issues and patches to the community

We have David Jorm, an experienced security engineer, onboard to lead the team and define the process, so don't worry if you aren't a security expert. Anyone who is an active fd.io developer or other contributor would be welcome to join the team. If you are interested, please let the TSC know.
-end-

Thanks
David

On Mon, Apr 25, 2016 at 9:29 PM, Edward Warnicke <hagbard@...> wrote:
In keeping with my action item from the last TSC meeting, please meet David Jorm,
the security response process expert who helped OpenDaylight in formulating their
process.  He will be joining us at our next TSC meeting to assist us in formulating the 
fd.io Security Response Process.

Many thanks to David, for stepping up again to help :)

Ed


Re: Pls add 3x new vpp committer approvals to tomorrow's TSC meeting agenda

Edward Warnicke
 

Added to the agenda as requested: https://wiki.fd.io/view/TSC#Agenda

Ed

On Wed, May 11, 2016 at 9:29 AM, Dave Barach (dbarach) <dbarach@...> wrote:
Dear Ed,

The vpp project has nominated and voted overwhelmingly (*) to accept three new committers:

Chris Luke: https://lists.fd.io/pipermail/vpp-dev/2016-May/000882.html
Florin Coras: https://lists.fd.io/pipermail/vpp-dev/2016-May/000885.html
Keith Burns: https://lists.fd.io/pipermail/vpp-dev/2016-May/000888.html

Please add an agenda item to tomorrow's TSC meeting to approve these appointments.

Thanks... Dave

(*) 100% +1's with 7 of 9 possible votes cast. I've reminded the two stragglers to vote. (;-).


Pls add 3x new vpp committer approvals to tomorrow's TSC meeting agenda

Dave Barach
 

Dear Ed,

The vpp project has nominated and voted overwhelmingly (*) to accept three new committers:

Chris Luke: https://lists.fd.io/pipermail/vpp-dev/2016-May/000882.html
Florin Coras: https://lists.fd.io/pipermail/vpp-dev/2016-May/000885.html
Keith Burns: https://lists.fd.io/pipermail/vpp-dev/2016-May/000888.html

Please add an agenda item to tomorrow's TSC meeting to approve these appointments.

Thanks... Dave

(*) 100% +1's with 7 of 9 possible votes cast. I've reminded the two stragglers to vote. (;-).


Infra Ticket Prioritization

Edward Warnicke
 

As discussed in the TSC today, while we are waiting to get general community
access to the infrastructure ticketing system, I have put together a wiki page 
to try to enumerate and prioritize the existing tickets:


This is done in large part to garner community feedback on the heuristic and priorities, so 
*please* do comment, make suggestions, tell me I did it all wrong, etc ;)

Ed


Intel Rep for 5/5 TSC call

Venkatesan, Venky
 

Keith Wiles (cc’d) will be Intel’s representative on today’s (3/31) Technical Steering Committee call.

 

Regards,

-Venky

 


VPP release packaging Jira "EPIC"

Keith Burns <alagalah@...>
 

https://jira.fd.io/browse/VPP-36

This has 3 tasks:
- original vpp-4 for RPM for OPNFV
- Ubuntu 14.04 and Ubuntu 16.04 tasks

I know folks are working on this but wanted to ensure we were tracking it in one place.

If you are working on any of the above, can you please grab the particular one you are working on ?


Re: NSH_SFC Project Technical Lead

Edward Warnicke
 

On Tue, May 3, 2016 at 2:22 PM, Joel Halpern <joel.halpern@...> wrote:

After announcing the need for a PTL, calling for volunteers, getting a self-nomination, and getting confirmation from the committers that the willing individual is acceptable (i.e. the team unanimously supported the guy whose arm got twisted into volunteering)

The PTL for the NSH_SFC project is Keith Burns of Cisco.

 

Yours,

Joel


_______________________________________________
tsc mailing list
tsc@...
https://lists.fd.io/mailman/listinfo/tsc


NSH_SFC Project Technical Lead

Joel Halpern
 

After announcing the need for a PTL, calling for volunteers, getting a self-nomination, and getting confirmation from the committers that the willing individual is acceptable (i.e. the team unanimously supported the guy whose arm got twisted into volunteering)

The PTL for the NSH_SFC project is Keith Burns of Cisco.

 

Yours,

Joel


FDIO TWS reminder

Keith Burns <alagalah@...>
 

9:15 Pacific
WebEx: Cisco.WebEx.com/meet/krb (for this week... Will work out regular secure link soon)

Topic: fdio documentation. 

Bring ideas, willingness to help. This is an open discussion. 


Videos from April Training/Hackfest

Edward Warnicke
 

The videos from the Apr Training/Hackfest are up:


(the link above is to a playlist for all of the videos).

Enjoy!

Ed


VPP Sandbox Project Approval to next TSC meeting

Pierre Pfister (ppfister)
 

Hello TSC,

Could you please add the VPP Sandbox project proposal (https://wiki.fd.io/view/Project_Proposals/VPPSandbox) to next week agenda ?

Thanks,

- Pierre


Slides for FD.io event and agenda proposal

Pierre Pfister (ppfister)
 

Hello,

Here are the slides for today's proposal presentation.
https://cisco.box.com/s/tehu2juukcdlyf069c9uqg89rporu82p

Thank,

- Pierre


Re: Project Proposal for Transport Layer Development Kit (TLDK)

O'Driscoll, Tim
 

I forgot to add, can we schedule the creation review for this project for Thursday May 12th please?



Thanks,

Tim

 

From: tsc-bounces@... [mailto:tsc-bounces@...] On Behalf Of O'Driscoll, Tim
Sent: Thursday, April 28, 2016 11:29 AM
To: tsc@...
Subject: [tsc] Project Proposal for Transport Layer Development Kit (TLDK)

 

Please accept this project proposal for Transport Layer Development Kit (TLDK) for consideration.

https://wiki.fd.io/view/Project_Proposals/TLDK

 


Intel representation for 4/28 TSC call

Venkatesan, Venky
 

Tim O’Driscoll (cc’d) will be Intel’s representative on today’s (4/28) Technical Steering Committee call.

 

Regards,

-Venky

 

Venky Venkatesan

Intel Corp.

Hillsboro, OR

 


Project Proposal for Transport Layer Development Kit (TLDK)

O'Driscoll, Tim
 

Please accept this project proposal for Transport Layer Development Kit (TLDK) for consideration.

https://wiki.fd.io/view/Project_Proposals/TLDK

 


TWS for May3

Keith Burns <alagalah@...>
 

Folks,

I proposed an agenda for the TWS next week about fd.io Documentation


I will kick off a separate thread on this topic to track the discussion/thoughts but with VPP 16.06 coming (F0 Friday, RC0/1 on its heals), its a topic I'd like to get some visibility on within the community.

1601 - 1620 of 1726