Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
Overview is using the GitHub “private vulnerability reporting” to assign CVE numbers we control to our known security issues.
–
Jody Garnett
+1
The Feedback section read as a little confusing (probably because the tone of the document switched from descriptive to conversational). A short blurb providing some context at the start, or some indication of personas throughout (i.e. quoted sections being identified as security researchers, etc.) would improve legibility. However, since this section is ultimately just examples and not procedure, this doesn’t affect my vote one way or the other.
Cheers,
Torben
Thanks, the GSIP has been revised with “volunteer”, “researcher”, “National CVE Numbering Authority” and the exchanges separated for clarity.
–
Jody Garnett
That’s a lot easier to follow, thanks.
Cheers,
Torben
It has been 10 days, I would like to request an extension on this proposal as I believe it is a good response for the project.
Jody
–
Jody Garnett
+1
--
Kevin Smith
[smithkm@anonymised.com](mailto:smithkm@anonymised.com)
While not eligible to vote I'd like to give my thumbs-up for this proposal.
I think it is a step forward in taking more control of vulnerability reports. There will unfortunately always be people not following best/responsible practices because they are not interested in fixing the problem but rather to have a CVE out there with their name on it.
Mark
Reminder to vote on this topic. I understand security is a difficult topic to discuss in public; anyone is welcome to reach out to me directly for questions/clarifications. The proposal has been clarified and refined from the questions and response provided thus far.
Project Steering Committee:
Community support:
–
Jody Garnett
+1
Cheers
Andrea
Regards,
Andrea Aime
==
GeoServer Professional Services from the experts!
Ing. Andrea Aime
@geowolf
Technical Lead
GeoSolutions Group
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 339 8844549
https://www.geosolutionsgroup.com/
http://twitter.com/geosolutions_it
With reference to the legislation on the processing of personal data (EU Reg. 2016/679 - General Data Protection Regulation “GDPR”), please note that everything pertaining to this email (its content, any attachments, etc.) is data whose knowledge is reserved solely for the recipient(s) indicated by the sender. If you have received this message in error, you are required to delete it; any other operation is unlawful. I would nevertheless be grateful if you would let me know.
This email is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential or otherwise protected from disclosure. We remind that - as provided by European Regulation 2016/679 “GDPR” - copying, dissemination or use of this e-mail or the information herein by anyone other than the intended recipient is prohibited. If you have received this email by mistake, please notify us immediately by telephone or e-mail
+1
-Jukka Rahkonen-
From: Andrea Aime <andrea.aime@…6887…>
Sent: Saturday, 30 September 2023 18:47
To: Jody Garnett <jody.garnett@…403…>
Cc: Torben Barsballe <torbenbarsballe@…403…>; Geoserver-devel geoserver-devel@lists.sourceforge.net; Alessio Fabiani <alessio.fabiani@…6887…>; Ian Turton <ijturton@…403…>; Rahkonen Jukka <jukka.rahkonen@…4189…>; Simone Giannecchini <simone.giannecchini@…6887…>; Nuno Oliveira <nuno.oliveira@…6887…>
Subject: Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security Policy and CVE handling
+1
Cheers
Andrea
On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett <jody.garnett@…403…> wrote:
Reminder to vote on this topic. I understand security is a difficult topic to discuss in public; anyone is welcome to reach out to me directly for questions/clarifications. The proposal has been clarified and refined from the questions and response provided thus far.
Project Steering Committee:
Alessio Fabiani:
Andrea Aime:
Ian Turton:
Jody Garnett: +1 initial motion
Jukka Rahkonen:
Kevin Smith: +1
Simone Giannecchini:
Torben Barsballe: +1
Nuno Oliveira:
Community support:
- Mark Prins: +1 “While not eligible to vote I’d like to give my thumbs-up for this proposal.”
–
Jody Garnett
On Sep 22, 2023 at 9:26:35 AM, Jody Garnett <jody.garnett@…403…> wrote:
It has been 10 days, I would like to request an extension on this proposal as I believe it is a good response for the project.
Jody
On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe <torbenbarsballe@…403…> wrote:
+1
The Feedback section read as a little confusing (probably because the tone of the document switched from descriptive to conversational). A short blurb providing some context at the start, or some indication of personas throughout (i.e. quoted sections being identified as security researchers, etc.) would improve legibility. However, since this section is ultimately just examples and not procedure, this doesn’t affect my vote one way or the other.
Cheers,
Torben
On Tue, Sep 12, 2023 at 2:37 PM Jody Garnett <jody.garnett@…403…> wrote:
Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
Overview is using the GitHub “private vulnerability reporting” to assign CVE numbers we control to our known security issues.
–
Jody Garnett
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel
Thanks everyone,
The motion from September 12th is now passed (its ten day extension now elapsed).
Alessio Fabiani:
Andrea Aime: +1
Ian Turton: +1
Jody Garnett: +1 initial motion
Jukka Rahkonen: +1
Kevin Smith: +1
Simone Giannecchini:
Torben Barsballe: +1
Nuno Oliveira:
Community support:
–
Jody Garnett
+1 Thanks
Regards,
Alessio Fabiani
==
GeoServer Professional Services from the experts!
Ing. Alessio Fabiani
@alfa7691
Founder/Technical Lead
GeoSolutions Group
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 331 6233686
https://www.geosolutionsgroup.com/
http://twitter.com/geosolutions_it
+1, thank you.
Regards,
Nuno Oliveira
==
GeoServer Professional Services from the experts!
Nuno Miguel Carvalho Oliveira
@nmcoliveira
Technical Lead / Project Manager
GeoSolutions Group
phone: +39 0584 962313
fax: +39 0584 1660272
+0
Regards,
Ing. Simone Giannecchini
@simogeo
Founder/Director GeoSolutions Italy
President GeoSolutions USA
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39 333 8128928
US: +1 (845) 547-7905
http://www.geosolutionsgroup.com
http://twitter.com/geosolutions_it