| | |
---|
Security Manager Role | @Feanil Patel | Axim-specific code will be moved to a new Axim GH org. This will let us make someone from the Security WG a “Security manager” in GH, which gives read/write to all repos in the openedx GH org. This gives Security WG folks more confidence to make changes as they won’t have scary admin powers. |
Metrics in repo-health | @Jeremy Bowman (Deactivated) | |
GH private forks | @Feanil Patel | |
Named release security notifications | @Jeremy Bowman (Deactivated) | |
Batched pip updates | @Feanil Patel | GH actions updates can be individual b/c they’re less common. We like batching pip updates because they happen so often. Can we get the pip updates to tell us which updates are security updates? |
Dependabot best practices | @Feanil Patel | |
New members | @Kyle McCormick | Does the WG have folks outside Axim & 2U? Not until now – Maria! The group is working on expanding. Maybe the “invite only” thing scared people off. We’ll need to reach out to people. Phil was hoping Security WG would be a symposium of security organization – every operator has security concerns, and ideally we would all be collaborating to keep each other’s sites secure. Ideas: vulnerability hunt, book club. Lots of interest in CVSS scoring - maybe a game here (“guess the score by the email”). What level of experience is the WG looking for? Probably willing to take folks who are new to security and grow them into the role. “The training doesn’t have to be secret” – as the group teaches new members, those exercises can be public so anyone can follow along. Only really a specific part of the group’s work needs to be private. Multiple current WG members started with little/no experience. We don’t want to intimidate folks out of the group. Online meetup; more education on what the group does; games. |
| | |