REQUEST: New/alter membership - Víctor Mayoral as "Member"

[vmayoral]

Request

This tickets aims to request "Approver" "Member" (edited, see below) privileges in the Security WG's infrastructure.

Requirements

• I have enabled 2FA on my GitHub account (https://github.com/settings/security)
• I am actively contributing to 1 or more projects under the ROS 2 Security Working Group
  • various ROS and ROS 2 packages

Sponsors (if applicable)

• Alias Robotics

List of contributions to ROS 2 Security Working Group

• PRs reviewed / authored

  • free valid_transitions for all states ros2/rcl#509
  • free valid_transitions for all states ros2/rcl#537
  • Bug fix in planning_scene, loadGeometryFromStream AcutronicRobotics/moveit2#113
  • Fix memory leak of 56 bytes in test_graph ros2/rcl#468
  • and more (see https://github.com/vmayoral/) for more public contributions

• Issues triaged

  • nav2_util: detected memory leaks, __default_reallocate  aliasrobotics/RVD#333
  • RVD#88: Unauthenticated updates in publisher list for specified topic aliasrobotics/RVD#88
  • RVD#87: Unauthenticated registration/unregistration with ROS Master API aliasrobotics/RVD#87
  • nav2_util: detected memory leaks, rcl_lifecycle_register_tra... aliasrobotics/RVD#167
  • RVD#918: buffer overflow allows attackers to cause a denial of service and possibly execute code aliasrobotics/RVD#918
    • more for ROS
    • more for ROS 2

• Other relevant project involvement

  • Security-related:
    • https://github.com/aliasrobotics/RVD
    • https://github.com/aliasrobotics/aztarna
    • https://github.com/aliasrobotics/ros_volatility
    • https://github.com/aliasrobotics/RVSS
    • https://github.com/aliasrobotics/RCTF
    • https://github.com/aliasrobotics/MARA_threat_model
    • https://github.com/aliasrobotics/RSF
  • Non-security by ROS (Quite a few, frankly. Listing some)
    • https://github.com/ros-controls/ros_control
    • https://github.com/ros2/design
    • https://github.com/ros-planning/moveit2
    • ...

[kyrofa]

Thanks for the application! I'm sorry it hasn't gotten a comment yet. Here's why:

• I am actively contributing to 1 or more projects under the ROS 2 Security Working Group
  • various ROS and ROS 2 packages

"Various ROS and ROS 2 packages" aren't under the ROS 2 security working group. In fact... none really are. We're working on that, at which time we'll have the proper context for membership.

[kyrofa]

Once again, I apologize for the delay. The Security Working Group is an open group. Anyone can attend our meetings, the Matrix room, etc. and participate in our discussions, without being a member of this particular GitHub org. This org was created in order for the WG to maintain projects as a team, which involves splitting responsibilities up across that team. That's why applications need to be evaluated in light of the projects we maintain. However, we only just started maintaining one, the SROS2 utilities, thus the delay.

Your general involvement in the ROS community is laudable, thank you for that! However, given that what we're talking about here is maintenance of the SROS2 utilities, a project with which you haven't been very involved, I think the role of Approver is not appropriate at this time. Member is probably the best place to start if you're willing to take on triaging responsibility.

[vmayoral]

Thanks @kyrofa. Seems fair, I really do not have direct contributions to SROS2 for the moment but hopefully that'll change :).

I'd be happy to take on triaging SROS2 flaws and participate as a Member.

[mikaelarguedas]

+1 for the application as a member and the attached rationale, reiterating that all roles are dynamic and can be revisited based on contributions to projects in the WG as well as the evolution of the list of projects in the WG.

Looking forward to working more closely with you on this @vmayoral !

[kyrofa]

Done. Thank you! @vmayoral, if at any point you feel unable to satisfy the duties of Member, please let us know.