[OPEN-ILS-DEV] Security team coordination

Sharp, Chris csharp at georgialibraries.org
Tue Jan 4 06:26:03 EST 2011


Hi all,

> I understand
> there is a project either being planned or under way to change or
> rehost our mailing lists, and I hear Chris Sharp of GPLS is working on
> this. Chris, if this is indeed under your auspices and underway, we
> should coordinate this soon. If, however, it will be a while before
> anything happens in this area, ESI would be happy to host the security
> list for the community -- we can set this up very quickly. Since it
> should be low membership and relatively low traffic, moving it later
> shouldn't be a problem. Just let me know (assuming we don't change
> the plan to something other than a moderated, private list -- see
> below).

Yes, Mike, that's right - GPLS has created a dedicated list server for the Evergreen Community.  The only obstacle to going live that I'm aware of is the need for a new IP block for the new list server and some other servers on which GPLS is currently hosting.  I'm back today from two weeks off, so I'll make it a top priority to get a status report on where we are on this and report back to this and the General list as soon as I know something.

Chris Sharp
PINES Program Manager
Georgia Public Library Service
1800 Century Place, Suite 150
Atlanta, Georgia 30345
(404) 235-7147
csharp at georgialibraries.org
http://pines.georgialibraries.org/

----- Original Message -----
> From: "Mike Rylander" <mrylander at gmail.com>
> To: "Evergreen Development Discussion List" <OPEN-ILS-DEV at list.georgialibraries.org>
> Sent: Tuesday, December 21, 2010 1:32:36 PM
> Subject: [OPEN-ILS-DEV] Security team coordination
>
> Dan Scott recently set up an Evergreen Security Team on LaunchPad for
> the purpose of accepting, triaging, prioritizing and attacking
> security-related issues (vulnerabilities, etc) in Evergreen. However,
> beyond the membership -- all of whom will be alerted when a bug is
> tagged as a security issue (IIUC) -- there is no closed communication
> channel for the security team. This is important because we want to
> be able to address security issues before exploits are in the wild.
> 
> So, to that end, I would like to propose the creation of an
> open-ils-security mailing list. This list would need to allow anyone
> to post, but would be moderated for non-members. Members would be the
> Evergreen Security Team. This poses some amount of overhead to
> security team members, but may be a necessary evil. I understand
> there is a project either being planned or under way to change or
> rehost our mailing lists, and I hear Chris Sharp of GPLS is working on
> this. Chris, if this is indeed under your auspices and underway, we
> should coordinate this soon. If, however, it will be a while before
> anything happens in this area, ESI would be happy to host the security
> list for the community -- we can set this up very quickly. Since it
> should be low membership and relatively low traffic, moving it later
> shouldn't be a problem. Just let me know (assuming we don't change
> the plan to something other than a moderated, private list -- see
> below).
> 
> Ideas for alternate methods of communication amongst security team
> members are welcome, so if you can think of something that would work
> better for those that will be on the team and have less overhead,
> please reply here!
> 
> --
> Mike Rylander
> | VP, Research and Design
> | Equinox Software, Inc. / The Evergreen Experts
> | phone: 1-877-OPEN-ILS (673-6457)
> | email: miker at esilibrary.com
> | web: http://www.esilibrary.com

