Mailing list for Security (was: SV: [GENIVI security group] Security group assessment method discussion)

Walt Miner wminer at linuxfoundation.org
Wed Aug 31 12:02:07 EDT 2016


Gunnar and Jeremiah,
Thanks for the clarifications.

[SNIP]Walt, would you be able to share responsible disclosure policies for
vulnerabilities found from AGL? That might be useful input to the team.

Absolutely. Everything AGL does is out in the open.



Regards,
Walt

On Wed, Aug 24, 2016 at 5:39 AM, Andersson, Gunnar <
gunnar.x.andersson at volvocars.com> wrote:

> Walt,
>
> Please be patient with us because as Jeremiah says in the email you quoted
> below: policies are being worked out, and it will take at least another
> week or
> two to reach the right forums to do that.  Jeremiah, or someone else will
> surely
> inform on genivi-projects when it is done.
>
> To your direct question – no new mailing list has been set up yet, and I
> expect it will be done only when we have decided on all the details,
> including
> the disclosure policy, IPR policy, and so on.  I find that IPR policy is
> for example very
> well defined in GENIVI membership contracts – but if we decide to create a
> forum for
> the public then we need to make sure we have all details clear.  I
> understood in
> the last meeting that the current participants of the security team
> indicate that
> it is particularly important to get it right for this situation – more so
> than
> already existing mailing lists like -projects and those we have for various
> software components.
>
> Best Regards
> - Gunnar
>
> --
> Gunnar Andersson
> Lead Architect, GENIVI Alliance
> Infotainment, Volvo Car Corporation
>
>
> From: genivi-pmo-request at mail.genivi.org [mailto:genivi-pmo-request@
> mail.genivi.org] On Behalf Of Walt Miner
> Sent: den 23 augusti 2016 21:54
> To: Jeremiah Foster
> Cc: Stacy Janes; anuja at computer.org; genivi-pmo at mail.genivi.org;
> tal.bendavid at karambasecurity.com; genivi-projects at lists.genivi.org;
> peter_yang at trend.com.tw; Yoram Berholtz; assaf.harel at karambasecurity.com;
> Antonio De Rosa
> Subject: Re: Mailing list for Security (was: SV: [GENIVI security group]
> Security group assessment method discussion)
>
> So was a separate mail list set up?
>
> On Tue, Aug 23, 2016 at 2:52 PM, Jeremiah Foster <
> jeremiah.foster at pelagicore.com> wrote:
> Hiya Walt,
>
> On Tue, Aug 23, 2016 at 3:49 PM, Walt Miner <wminer at linuxfoundation.org>
> wrote:
> Non-GENIVI members such as myself have access to the GENIVI projects mail
> list. If you move the discussion elsewhere doesn't that close it it off to
> non-GENIVI members?
>
> We intentionally want non-members to be able to join the discussion. We
> only plan to moderate the list based on a set of published policies --
> we're still working those policies out.
>
> Cheers,
>
> Jeremiah
>
>
>


-- 
Walt Miner

  <https://twitter.com/VStarWalt>

Engineering Project Manager
The Linux Foundation
mobile: +1.847.502.7087


Visit us at:
automotive.linuxfoundation.org
www.linuxfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.genivi.org/pipermail/genivi-projects_lists.genivi.org/attachments/20160831/fef28954/attachment.html>


More information about the genivi-projects mailing list