Comments (22)
Also:
This is currently being controlled here: https://github.com/nodejs/email/blob/master/iojs.org/aliases.json
We'd need a ## Security
section on the README to list this and explain the steps to take if you find a vulnerability.
from node-convergence-archive.
I volunteer. Do I need to file a PR for that aliases file?
Also, /cc @nodejs/crypto - I believe @indutny is or was on [email protected] and @shigeki probably makes a good addition as well.
from node-convergence-archive.
let's see how it shakes out in discussion, the TSC probably needs to sign off on the final list, we'll give it another week
from node-convergence-archive.
Add me up.
from node-convergence-archive.
Btw, it is probably a good manner to cc people when issue is created. Not everyone is watching the repo.
from node-convergence-archive.
/cc @nodejs/tsc
from node-convergence-archive.
Original issue: nodejs/node#430
from node-convergence-archive.
+1... Sign me up!
from node-convergence-archive.
I would like to be on the list.
from node-convergence-archive.
Please add me to the list.
from node-convergence-archive.
I'd like to be on the list as we need to quickly address issues in the IBM internal builds as well
from node-convergence-archive.
Proposing a security@ team:
from node-convergence-archive.
Joining the discussion a bit late, sorry about that. There is already a [email protected] mailing list, and a process outlined at https://nodejs.org/about/security/ that a lot of people have been using to report security issues. Why not start from here?
@rvagg If you're interested in having control over the management of the [email protected] mailing list, just say the word.
from node-convergence-archive.
Is there a passive participant position? Want to be part of this so I know what's going on, but doubt I'll have much to contribute outside of any security bugs I find.
from node-convergence-archive.
@rvagg Also, in case it wasn't clear, I should mention that Todd Benzies from the Linux Foundation is now managing the nodejs.org Google Apps domain, so it's really managed by the Node.js Foundation, not Joyent.
from node-convergence-archive.
@misterdjules thanks for the context, I wasn't aware of the Node.js security@ list or procedure (although I was looped in to the recent HP email thread which I guess should have clued me in!). I did a quick search of the repo / README and didn't see anything and since we don't have anything for iojs.org I figured this would be an overlapping concern but it seems not, yet anyway!
This actually comes from finally having MX set up for iojs.org so we can do email addresses and the only really pressing one is security@ so I wanted a list of people to put here: https://github.com/nodejs/email/blob/master/iojs.org/aliases.json - I also assumed we'd use the same setup (Mailgun) for nodejs.org continuing on from this issue.
I'm happy to sit on this issue for now then, since we have a [email protected] procedure in place that's all good. I'll set up an interim thing for iojs.org.
from node-convergence-archive.
nodejs/node#1948 - added a section to the io.js README
https://github.com/nodejs/email/blob/master/iojs.org/aliases.json#L3 - bounce email to [email protected] to [email protected]
from node-convergence-archive.
Who is going to add the people on the list to [email protected]?
from node-convergence-archive.
@bnoordhuis @tbenzies from the Linux Foundation can do that.
from node-convergence-archive.
Sent an email to Todd Benzies and asked him if he can join this thread.
from node-convergence-archive.
The following people have been added to [email protected]:
@rvagg
@bnoordhuis
@indutny
@jasnell
@cjihrig
@shigeki
@mhdawson
However, [email protected] is bouncing -- is there a different email address that I can use?
from node-convergence-archive.
Thank you @tbenzies!
from node-convergence-archive.
Related Issues (20)
- Node Foundation TSC Meeting 2015-06-24 HOT 5
- Optionally log master secrets for TLS connections HOT 1
- Node Foundation TSC Meeting 2015-07-01 HOT 8
- Consider/Evaluate Amazon's "s2n" TLS library HOT 6
- Cannot call method then of undefined HOT 2
- node: ../deps/uv/src/uv-common.c:143: uv_err_name: Assertion `0' failed. HOT 10
- Node Foundation TSC Meeting 2015-07-08 HOT 2
- uv_err_name: Assertion `0' failed during npm install HOT 3
- First release as the Node Foundation? HOT 1
- Node Foundation TSC Meeting 2015-07-15 HOT 16
- Node Foundation TSC Meetings are not being uploaded to Youtube HOT 6
- Node Foundation TSC Meeting 2015-07-22 HOT 7
- Node, OpenSSL, and patented encryption algorithms HOT 10
- Node Foundation TSC Meeting 2015-07-29 HOT 9
- net::Server.unref() failed on cluster mode HOT 3
- Provide a fs.createDirectoryReadStream (or something similar) to return a stream of files and directories within a directory HOT 1
- make install doesn't expand ~ on Linux HOT 2
- npm does nothing HOT 1
- [Converge] MSI related changes HOT 1
- save us from our own trailing periods HOT 10
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from node-convergence-archive.