devel:irc-meetings:2015a

Differences

This shows you the differences between two versions of the page.

devel:irc-meetings:2015a [2015/02/05 14:42]
oej
devel:irc-meetings:2015a [2015/02/10 12:08]
miconda [Agenda]
Line 1: Line 1:
-====== IRC Devel Meeting - 2014-05-14 ======+====== IRC Devel Meeting - 2015-02-11 ======
  
 Date: Date:
Line 6: Line 6:
     * Feb 12 (dcm)     * Feb 12 (dcm)
     * Feb 17 (dcm)     * Feb 17 (dcm)
 +    * 14:00 UTC (neuhaus)
  
 Time of the meeting across the world: Time of the meeting across the world:
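Review bot: The added `14:00 UTC (neuhaus)` entry sits at the same nesting level as the date proposals `Feb 12 (dcm)` and `Feb 17 (dcm)`, so a time of day reads as a third date option. Consider giving it its own time item, or attaching it to the date it applies to, so the list is unambiguous when people pick from it.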
Line 29: Line 30:
   * oej - Olle E. Johansson   * oej - Olle E. Johansson
   * vseva - Victor Seva   * vseva - Victor Seva
 +  * fisp - Fred Posner
  
  
Line 39: Line 41:
   * new additions (dcm)   * new additions (dcm)
   * roadmap to next major release (dcm)   * roadmap to next major release (dcm)
 +  * more consistency on name of main c file for a module (dcm)
 +  * rename sercmd to kamcmd in the source code (dcm)
  
 Kamailio Logo: Kamailio Logo:
Line 53: Line 57:
   * GitHub admin repo - admin/release scripts (vseva)   * GitHub admin repo - admin/release scripts (vseva)
   * Security vulnerability handling (proposal below) oej   * Security vulnerability handling (proposal below) oej
 +    * consider [[https://www.bestpractical.com/rtir/|RITR]]? (fisp) 
  
 +------
  
- +==== Security Vulnerability Policy (PROPOSAL) ====
-=== Security Vulnerability Policy (PROPOSAL) ===+
  
 References: References:
  * https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Vulnerabilities  * https://wiki.asterisk.org/wiki/display/AST/Asterisk+Security+Vulnerabilities
  
-== Definition ==+=== Definition ===
 ??? ???
  
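Review bot: In the added sub-item under "Security vulnerability handling", the link label `RITR` does not match the URL path `/rtir/`; the label looks like a transposition and should probably read `RTIR`. Separately, the proposal headings are promoted one level here but the Definition section still opens with the placeholder `???`, which is worth filling in before the policy is adopted.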
Line 67: Line 72:
 sending messages to the server process.  sending messages to the server process. 
  
-== Reporting a security Vulnerability ==+=== Reporting a security Vulnerability ===
  
 If you believe there's a security vulnerability, please don't use the public forums. If you believe there's a security vulnerability, please don't use the public forums.
Line 78: Line 83:
   - The kamailio developer team will work to solve the issue. When there is a patch for the issue, it should NOT be committed directly. It should be coordinated with the release of a security release as well as the publication of a Kamailio project security vulnerability report.   - The kamailio developer team will work to solve the issue. When there is a patch for the issue, it should NOT be committed directly. It should be coordinated with the release of a security release as well as the publication of a Kamailio project security vulnerability report.
  
-== Publishing security vulnerabilities ==+=== Publishing security vulnerabilities ===
  
 Kamailio will publish security vulnerabilities, including an CVE ID, on the Kamailio will publish security vulnerabilities, including an CVE ID, on the
-kamailio-announce mailing list, sr-users as well as related lists.+kamailio-announce mailing list, sr-users as well as related lists. The advisories will 
 +also be published on the kamailio.org web site.
  
-== Kamailio Security Team ==+=== Kamailio Security Team ===
  
 A Kamailio Security team should be appointed with core developers of the project. These individuals will be part of the security process and review patches and text for the vulnerability report. Two persons should take the role of Kamailio Security Officers. One of these should manage each security incident - which does not mean solving the code issue, but managing the process from report to publication and patch release. A Kamailio Security team should be appointed with core developers of the project. These individuals will be part of the security process and review patches and text for the vulnerability report. Two persons should take the role of Kamailio Security Officers. One of these should manage each security incident - which does not mean solving the code issue, but managing the process from report to publication and patch release.
  
-== security@kamailio.org ==+=== security@kamailio.org ===
  
 This address should have a PGP key associated, used by the security officers. This address should have a PGP key associated, used by the security officers.
  
  
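Review bot: In the "Publishing security vulnerabilities" paragraph that this change extends, "including an CVE ID" should read "including a CVE ID". In the security@kamailio.org section at the end of the hunk, the text asks for a PGP key but does not say where the public key or its fingerprint will be published; consider naming that location so reporters can verify the key before encrypting a report.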
devel/irc-meetings/2015a.txt · Last modified: 2015/02/11 11:52 by miconda