[CentOS-devel] The CentOS Security Response Team

Wed May 21 14:27:55 UTC 2014
Trevor Hemsley <trevor.hemsley at ntlworld.com>

On 20/05/14 16:15, Karanbir Singh wrote:
> Hi,
>
> As SIGs come up and move forward - we are going to need to have a
> better established, documented and process-driven security response
> team. While we can, in a pinch, reach into and request some resources
> from the Red Hat SRT, they are in no way bound to help or even be
> involved in the overall CentOS Ecosystem - and we should really set up
> our own group to handle these requests.
>
> In the past conversations we had thought of setting up a group of maybe
> 3 to 5 people, who can triage and communicate with the respective groups
> of people responsible for the code or infra in question.
>
> This would not only include centos resources, but also be the contact
> point for upstream security notices from projects associated with us. In
> this case, they would be the people managing security at centos.org - with
> that email address being the primary contact for projects in the SIG's
> upstream as well.
>
> We would also then set up a private security mailing list.
>
> Thoughts? Comments? Feedback?

I'm interested and willing to be a part of this.

T