Evergreen DokuWiki

User Tools

Site Tools

You are here: start » dev » security
dev:security

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
dev:security [2015/03/13 09:17] – [Security team] gmcharltondev:security [2023/06/01 13:22] (current) – [How are security fixes released?] master to main dyrcona
Line 4: Line 4:
  
 You can report a security-related issue in Evergreen via the bug tracking system at https://bugs.launchpad.net/evergreen -- be sure to check the box labeled "This bug is a security vulnerability". You can report a security-related issue in Evergreen via the bug tracking system at https://bugs.launchpad.net/evergreen -- be sure to check the box labeled "This bug is a security vulnerability".
 +
 +While we prefer that security bugs be reported via Launchpad, they can also be reported to [[mailto:security@evergreen-ils.org|security@evergreen-ils.org]].
  
 NOTE: If you are an active Evergreen "bug wrangler" or similar, you may instead have an option to change "This bug contains information that is:" from "Public" to "Private Security". NOTE: If you are an active Evergreen "bug wrangler" or similar, you may instead have an option to change "This bug contains information that is:" from "Public" to "Private Security".
Line 28: Line 30:
 ====How are security fixes released?==== ====How are security fixes released?====
  
-After testing, the code will be merged to the relevant public Evergreen branches (origin/master, origin/rel_2_3, …) and the Launchpad entries will be marked as Fix Committed.  From here, the process proceeds the same as a regular non-security release, though every effort will be made to cut the releases in a timely fashion.+After testing, the code will be merged to the relevant public Evergreen branches (origin/main, origin/rel_2_3, …) and the Launchpad entries will be marked as Fix Committed.  From here, the process proceeds the same as a regular non-security release, though every effort will be made to cut the releases in a timely fashion.
 ====How are security releases announced?==== ====How are security releases announced?====
  
Line 54: Line 56:
 Membership applications may be made by contacting one of the current Membership applications may be made by contacting one of the current
 security team members; a list of the current members' names will be security team members; a list of the current members' names will be
-maintained on the Evergreen wiki.+maintained on the Evergreen wiki.  [(**Proposed addition, pending approval**) Application for membership should include indication that you have read and agree to the conditions stated above.]
  
 Violations of the promises in (2) and (3) may result in immediate Violations of the promises in (2) and (3) may result in immediate
Line 75: Line 77:
   * a subscription and access to the private archives of the open-ils-security mailing list   * a subscription and access to the private archives of the open-ils-security mailing list
   * access to the Git repositories hosting security patches in progress.   * access to the Git repositories hosting security patches in progress.
 +
 +==== Current security team members ====
 +
 +  * Thomas Berezansky
 +  * Galen Charlton
 +  * Jeff Davis
 +  * Bill Erickson
 +  * Jeff Godin
 +  * Rogan Hamby
 +  * Kathy Lussier
 +  * Mike Rylander
 +  * Dan Scott
 +  * Chris Sharp
 +  * Ben Shum
 +  * Jason Stephenson
 +  * Yamil Suarez
 +  * Dan Wells
 +  * Liam Whalen
dev/security.1426252637.txt.gz · Last modified: 2022/02/10 13:34 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

© 2008-2022 GPLS and others. Evergreen is open source software, freely licensed under GNU GPLv2 or later.
The Evergreen Project is a U.S. 501(c)3 non-profit organization.