New governance model: Jupyter Security subproject #111
Comments
I think this would be great! My only questions would be about organization, GitHub-wise. GitHub orgs can have teams, e.g. a 'security' team, which I think is useful when drafting security advisories via GitHub's tools. This can be tedious to coordinate across our growing number of GitHub orgs, but jupyter-server definitely isn't the only org with security issues. My inclination would be to put the repo on the base
I remember it was mentioned yesterday that the wording used in the current WIP governance model (working-group vs project?) for the security aspects should/could be revisited. Beyond the wording, I am interested to learn more about how Jupyter envisions the definition and handling of security issues.
I fully agree with @minrk's take, that was also my immediate reaction.
For reference, there's now a post on discourse about this to announce it to the community, so they can start rallying around the new repo. I'm going to close this issue as I think this job is done, and we now have the necessary scaffolding in place for further work. Thanks @rpwagner @minrk @rcthomas @afshin!
Based on discussions and encouragement (particularly from @afshin and @blink1073) during the jupyter-server call today, @rcthomas, Tiffany Connors, and I (@rpwagner) would like to establish the Jupyter Security Subproject. Our work planning the Jupyter Community Workshop on security best practices has broadened, and includes an engagement with TrustedCI. With the additional support from TrustedCI, we can begin working on security-related activities ahead of the workshop, such as policy recommendations, or secure development practices.

During today's call, the jupyter_security repo was set up under the jupyter-server org as a starting point to capture this work. Later, this could become the team-compass repo for the Subproject. It was also recommended that we create a post on Discourse to let the community know about the Subproject. What should be included in the announcement? E.g., meeting times and location? We want to ensure we have the minimum structure needed to work with the rest of the community.

We're looking forward to any feedback on this idea. I will try to attend the July 30, 2021, governance call to see if there is any discussion around it.