[Security Review] WasmEdge #1337
Comments
|
We have three other assessments ongoing. We'll likely have the bandwidth for this in early September. Who will be the project lead from your side? |
|
Hi @JustinCappos |
|
Is there anything else I should do before you start the review process, such as rebasing the PR? |
|
Where is the self assessment document at? You can update this issue to include a link. |
Here is the PR: https://github.com/cncf/tag-security/pull/1343/files |
|
Okay, thanks. I updated the issue description.
Depending on who the assessment lead is, they may prefer that you have
something in a google doc so that it is easier for folks to iterate quickly
on comments. If so, don't worry at all about the formatting, etc. Just
get the content there so people can work on it.
We have the assessment of dragonfly on-going. I'll try to get a team
together for your project while that is on-going. Certainly, we should be
able to start when that finishes or stalls, if nothing else.
…On Fri, Sep 20, 2024 at 8:39 AM hydai ***@***.***> wrote:
Where is the self assessment document at? You can update this issue to
include a link.
Here is the PR: https://github.com/cncf/tag-security/pull/1343/files
Please feel free to let me know if you need more materials for the review
process. Thanks.
Cc @dm4 <https://github.com/dm4> Please check the draft document item.
—
Reply to this email directly, view it on GitHub
<#1337 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGROD64LYJGATUEA3PI2PLZXQJRVAVCNFSM6AAAAABLZZWKDOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDGNRTGY2DIMZWGI>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
I just created a Google Doc to help us collaborate and edit files more easily. Thank you for your help. https://docs.google.com/document/d/1Mv2AZRwkJjsjoputCyg_IuPk5gfFhQJuCx2fVigkic0/edit |
|
Just checking in to see if there are any updates on the security review for WasmEdge. Please let us know if there's anything else we can provide to help with the process. Thank you for your assistance and support. |
|
Okay, we need to recruit a group to do this assessment. We have an assessment ongoing currently, OSS Summit Japan is happening now and KubeCon NA is in 2 weeks. I think most likely this will not happen until after KubeCon NA. Sorry for the delay! |
|
I am interested as a participant. |
|
Great, @victorjunlu . Would you please read the guidelines and assert if you have a conflict? |
|
I'd also like to volunteer to be a security reviewer. I have no hard or soft conflicts. |
|
@JustinCappos Yes, I assert that I have no hard or soft conflicts. Thanks |
|
@brandtkeller @mnm678 @guilhermocc all expressed interest in being a reviewer. Can you each please read the guidelines and assert if you have any hard or soft conflicts? |
|
Hi, @JustinCappos @victorjunlu @brandtkeller @mnm678 @guilhermocc Thank you all for your interest! It would be fantastic to have you as reviewers for WasmEdge. Feel free to let me know if you have any questions about WasmEdge. |
@brandtkeller @mnm678 @guilhermocc Hope everyone made it back from KubeCon safely! When you get a chance, please read the guidelines and assert if you have a conflict? |
|
I have no hard or soft conflicts. |
|
Hi @JustinCappos , I m happy to help in the review, too. I read the guidelines and have no conflicts whatsoever. |
|
I am happy to lead this security review. I read the guidelines and I have neither hard or soft conflicts. |
|
Okay, thanks! @mrcdb we're ready to go with the naïve questions phase! |
@dm4 can you please copy the self-assessment content from the markdown (https://github.com/cncf/tag-security/pull/1343/files) to the Google Docs file? It's easier to work collectively on it and provide feedback/questions through the comment feature. |
|
Hi @mrcdb |
@dm4 I think the formatting looks broken as headings, tables and lists aren't looking right. Can you please ensure the formatting is consistent with the markdown preview? |
|
It should be fixed now. Please check again. Thanks. |
|
Thanks @hydai ! A minor fix would be to remove the first section that mirrors the github issue description but other than that it looks good. FYI I have requested edit access to the document, as the current permissions don't allow me to add comments. |
|
If possible I’d like to participate as an observer, since this would be my first security assessment here. I have no hard or soft conflicts. |
|
I'd like to participate as an observer, I have no conflicts. |
|
The first section is removed. I also updated the default permissions; it should be fine to add comments on the documents now. If you need, I can change the default permissions from commenter to editor. Thanks. |
|
@camilaavilarinho @matthewflannery Okay, added you both! |
and others
The WasmEdge team would like to initiate the CNCF TAG-Security Security Assessment (TSSA) process.
Project Name: WasmEdge
Github URL: https://github.com/WasmEdge/WasmEdge
CNCF project stage and issue: cncf/toc#1316 (sandbox)
Security Provider: No
The text was updated successfully, but these errors were encountered: