Meeting Notes May 2019

By David Jardin on 2019-04-30 08:22 in Security Strike Team

Time: Monday, 29th of April 2019, 7pm UTCAttendees: David, Tobias, Harald, Beat, Benjamin, Joel, Michael (joined after topic no 1)

ElectionsDavid’s and Tobias’ terms as Team Lead and Co Team Lead have ended, a new election has been held during the meeting. MotionsMaking Tobias the assistant team lead: 5 yes, 1 abstainMaking David the team lead: 4 yes, 1 no, 1 abstain

Currently open issues / 3.9- Redacted Content -

GPG Key RotationAs Phil Taylor was one of our GPG key holders and has left the team, we had to rotate our GPG key. The old key has been revoked, a new keypair has been generated and signed with the revoked key. They new public key is published: https://developer.joomla.org/security/gpg-keys.html

Budget 2019/2020The process for the next budget has started, JSST requested funds for:A team sprint, primarily focused on prepared statements (6000 USD) Funds to start a bug bounty program (20000 USD)

RIPS for JEDDavid has reached out to the JED team and suggest to utilize RIPS as part of JED checker to tackle the problem of insecure extensions. JED requested a budget for this.

- Redacted Topic -

2fa Enforcement in GithubDavid suggests to enforce 2fa in the Joomla Github organization. David is going to escalate the question to the next department lead meeting.

Read more https://volunteers.joomla.org/teams/security-strike-team/reports/1005-meeting-notes-may-2019

Add comment

Be nice, No ovet advertising unless you agree to our rates. Posting indicates agreement and consent.


Security code
Refresh