[Security Review] Dragonfly #1327
Comments
@gaius-qi Okay, can you edit the info above to mention who from the dragonfly side will be the "Project Security Lead"? Please also link to the self assessment as the "Project lead provides draft document"? |
I am willing to be a security reviewer for this project. I have read the security reviewer guidelines (in the past, before their link was broken... 😦 ), and have no conflicts. |
Hey @JustinCappos, I would like to volunteer with the security review (depending on eligibility). @gaius-qi, the "security reviewer guidelines" link and the "outline" links are not working in your initial comment. I would love to go through those. Disclosure: I have not done a CNCF project security review before. However, I am working in the security domain and have done threat modeling, security review of other projects outside of CNCF. |
Super, adding you. Would you kindly read this document and comment if you have any conflicts of interest? https://github.com/cncf/tag-security/blob/main/community/assessments/guide/security-reviewer.md (I'll try to get the link fixed.) |
I have read the security reviewer guidelines, and have no conflicts. |
Happy to volunteer. Have read the Security Reviewer Guidelines and have no conflicts. |
@JustinCappos Hey! I have edited the issue to add the "Project Security Lead". Is this PR a "Project lead provides draft document"? Do you need me to provide other content? 😊 Thanks @nyrahul @krishnakv |
@gaius-qi Are you also going to be the Dragonfly POC throughout the joint review? |
I'd be happy to be a security reviewer for this project. I have read the security reviewer guidelines and don't have any hard or soft conflicts. |
Sure |
I am willing to be a reviewer |
I'm willing to be the lead reviewer on this. I have no hard or soft conflicts. |
Okay, great! And away we go! @mnm678 you're all set to kick this off with the naive questions phase... |
@gaius-qi Could you create a draft joint assessment for us to iterate on? Most of the content will be similar to the self assessment that you linked. Maybe in Google docs or similar format for now to allow for comments and discussion. |
@gaius-qi, gentle reminder. |
pinging again on this... Just want to make sure we're not dropping this issue... |
@nyrahul @JustinCappos I'm sorry sir, I'm very busy with work recently. I will provide a draft joint assessment before September 28th. 🙏🙏🙏 |
@mnm678 @nyrahul @JustinCappos Hey, I have finished a draft joint assessment. |
@mnm678 should we start this process? Maybe we should use the channel #sec-assessment-dragonfly to discuss next steps. |
Thank you @gaius-qi! I have requested access to the joint assessment document to begin the clarifying questions phase. |
I do not see any activity in the #sec-assessment-dragonfly channel - could you please give Nikhita and me access to the joint assessment document, @gaius-qi? |
I have added the access. |
@nyrahul @mnm678 I have finished the Security Analysis. Please help to review, thanks. https://docs.google.com/document/d/1qOVFC_q4goCicwkBlrSKcE8orbvU5MSUfMf7pLBckqc |
Before we officially start the hands-on assessment, if any reviewers would like to help out with the threat model, feel free to take a look at the document! |
Dragonfly maintainers have finished the Threat Model. I have updated the threat model section in the document. |
Reviewers, we are ready to start the assessment! Please review the assessment document and other relevant materials by the end of next week. |
Ack. I have started review/commenting in the doc. Will finish my review by Tuesday. |
Same here, I will try to prioritise this review early next week so I can get something by Tuesday/Wednesday at most. |
I have added my review in the doc. Also I did the following as part of the Hands-on Assessment section:
|
I have finished my review in the doc, there are several points where clarification is needed by the project maintainers. |
@gaius-qi do you have some time this week to make some clarifications in the doc? Then we can schedule a call to discuss and write up the joint assessment. Reviewers, please react with 👍 or 👎 on this message to indicate if you can join a call on November 4 at 11am EST. |
@mnm678 I can reply in the docs this week. Do I need to join the discussion meeting? |
@mnm678 I can join for the first 30 minutes at that time and then I have another appointment |
Looks like that time isn't great. Here's a poll to find a better one: https://doodle.com/meeting/participate/id/aMorOOOd. |
@JustinCappos can confirm the process, but I think as long as we have the replies in the doc you don't need to join the meeting. |
@mnm678 I will respond to questions on time, thanks. |
@mnm678 Hi, what is the current status of the assessment? 🙏 |
We're going to re-schedule the joint assessment meeting. Please put your availability here: https://doodle.com/meeting/participate/id/e0OvYZ3d |
Project Name: Dragonfly
Github URL: https://github.com/dragonflyoss/Dragonfly2
Project Security Lead: Wenbo Qi (Gaius)
CNCF project stage and issue (NA if not applicable): Incubation, applying for graduation.
Security Provider: no