A reminder that the TSC Agenda is up
Silona Bonewald <sbonewald@...>
Remember to read and comment on the updates that have been posted! For people doing check-ins tomorrow, it is expected that people have read the check-ins so only a high-level overview is necessary. The focus is on questions. Thank you, Silona --
Re: Proposed release of the Composer security audit report
binh nguyen
+1 to both. Thanks Binh
On Tue, Feb 19, 2019 at 5:19 PM Dave Huseby <dhuseby@...> wrote:
Re: Proposed release of the Composer security audit report
Arnaud Le Hors
Likewise! +1.
Thanks.
--
Arnaud Le Hors - Senior Technical Staff Member, Web & Blockchain Open Technologies - IBM

From: "Mark Wagner" <mwagner114@...>
To: David Huseby <dhuseby@...>
Cc: Hart Montgomery <hmontgomery@...>, Mic Bowman <cmickeyb@...>, Hyperledger List <tsc@...>
Date: 02/20/2019 01:34 AM
Subject: Re: [Hyperledger TSC] Proposed release of the Composer security audit report
Sent by: tsc@...

+1 to both releasing the report and proposing a change to the process.
mark

On Tue, Feb 19, 2019, 19:09 Dave Huseby <dhuseby@...> wrote:
That's a good proposal Hart. The policy now is to ask for approval to release these but it probably should be revised to: "release them as soon as all high and medium issues are resolved and only ask for TSC approval if there are any outstanding issues.". If y'all agree, I'll make a formal policy change request to this list and we can do a quick vote on Thursday. That will streamline things.
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...

On Tue, Feb 19, 2019 at 4:00 PM Montgomery, Hart <hmontgomery@...> wrote:
+1. As usual, I’m pretty much always in favor of releasing these.
Can we automate this process? It seems like we should have some kind of policy in the vein of “release the security audits unless there are major outstanding issues.”
Thanks, Hart
From: tsc@...[mailto:tsc@...]
On Behalf Of Mic Bowman
seems low risk to release. +1
--mic
On Tue, Feb 19, 2019 at 2:19 PM Dave Huseby <dhuseby@...> wrote: Hello TSC,
The other issues were about accepting non-TLS connections
and leaking unnecessary information in log error messages. ---
Proposed change in security audit report release process
Dave Huseby <dhuseby@...>
Hi TSC,
I would like to propose changing the security audit report release process so that once all high and medium security vulnerabilities are resolved, the report can be published without the approval of the TSC. To be explicit, TSC approval would be required to release a report with high and medium severity security bugs that have not been fixed. I can't imagine why we would ever need to do that, but I think it warrants stating and approving that explicitly.
I don't need an indication of approval here, we can just do a quick vote on the process change at the Thursday meeting. Then I won't have to bug you on every report. I'll just send an email announcing its release along with the blog post detailing any interesting findings.
Cheers!
Dave
Re: Proposed release of the Composer security audit report
+1! Thanks Dave for the work!
On Wed, Feb 20, 2019 at 6:19 AM Dave Huseby <dhuseby@...> wrote:
--
Best wishes! Baohua Yang
Re: Proposed release of the Composer security audit report
Mark Wagner
+1 to both releasing the report and proposing a change to the process. mark
On Tue, Feb 19, 2019, 19:09 Dave Huseby <dhuseby@...> wrote:
Re: Proposed release of the Composer security audit report
Dave Huseby <dhuseby@...>
That's a good proposal Hart. The policy now is to ask for approval to release these but it probably should be revised to: "release them as soon as all high and medium issues are resolved and only ask for TSC approval if there are any outstanding issues.". If y'all agree, I'll make a formal policy change request to this list and we can do a quick vote on Thursday. That will streamline things. Dave
On Tue, Feb 19, 2019 at 4:00 PM Montgomery, Hart <hmontgomery@...> wrote:
Re: Proposed release of the Composer security audit report
Olson, Kelly M <kelly.m.olson@...>
+1
From: tsc@... [mailto:tsc@...]
On Behalf Of hmontgomery@...
+1. As usual, I’m pretty much always in favor of releasing these.
Can we automate this process? It seems like we should have some kind of policy in the vein of “release the security audits unless there are major outstanding issues.”
Thanks, Hart
From:
tsc@... [mailto:tsc@...]
On Behalf Of Mic Bowman
seems low risk to release. +1
--mic
On Tue, Feb 19, 2019 at 2:19 PM Dave Huseby <dhuseby@...> wrote:
Re: Proposed release of the Composer security audit report
hmontgomery@us.fujitsu.com <hmontgomery@...>
+1. As usual, I’m pretty much always in favor of releasing these.
Can we automate this process? It seems like we should have some kind of policy in the vein of “release the security audits unless there are major outstanding issues.”
Thanks, Hart
From: tsc@... [mailto:tsc@...]
On Behalf Of Mic Bowman
seems low risk to release. +1
--mic
On Tue, Feb 19, 2019 at 2:19 PM Dave Huseby <dhuseby@...> wrote:
Re: Proposed release of the Composer security audit report
seems low risk to release. +1 --mic
On Tue, Feb 19, 2019 at 2:19 PM Dave Huseby <dhuseby@...> wrote:
Proposed release of the Composer security audit report
Dave Huseby <dhuseby@...>
Hello TSC,

The time has come for the TSC to approve the release of the Composer audit report. The Composer audit done by Nettitude found a total of five issues, 2 medium risk, 2 low risk, and 1 data leakage notice.

The first of the medium risk errors was simple to fix. Credentials for logging into blockchain instances were stored in world-readable files instead of only user-readable files. The second of the medium risk errors was the playground server accepting connections from any source IP address. This was solved by changing the code to bind to the loopback interface. The other issues were about accepting non-TLS connections and leaking unnecessary information in log error messages.

Now that all of the issues of medium or higher have been fixed, it is time to publish the report and announce it.

As always, if you are a member of the TSC and would like to read the reports before approving them, please email me directly and I will arrange for you to receive a copy.

Cheers!
Dave
---
David Huseby
Security Maven, Hyperledger
The Linux Foundation
+1-206-234-2392
dhuseby@...
Hyperledger Technical WG China Quarterly Update Due #tsc-wg-update - Thu, 02/21/2019
#tsc-wg-update
#cal-reminder
tsc@lists.hyperledger.org Calendar <tsc@...>
Hyperledger Cello Quarterly Update Due #tsc-project-update - Thu, 02/21/2019
#cal-reminder
#tsc-project-update
tsc@lists.hyperledger.org Calendar <tsc@...>
Deadline Friday, February 22: Call for 2019 Hyperledger Internship Projects and Mentors
Min Yu
Dear Hyperledger Community Members,

Hyperledger is expanding the internship program to fund 15 internship projects this year. The internship program is aimed at creating a structured hands-on learning opportunity for new developers who may otherwise lack the opportunity to gain exposure to Hyperledger open source development and entry into the technical community. Additional program information, including the program timeline, is available on the wiki.

This is a great contribution opportunity for community members like you to get involved. Whether you're looking for fresh ideas or perspectives, or mentoring opportunities, or additional contributors for your project, the internship program provides a pathway for you to work with aspiring student developers. Please submit a project proposal and volunteer yourself as a mentor; the deadline for submission is this Friday, February 22nd.

Thank you,
Min

---------- Forwarded message ---------
From: Min Yu <myu@...>
Date: Mon, Feb 11, 2019 at 9:54 AM
Subject: Get Involved! Become a Mentor for an Intern >> Call for 2019 Hyperledger Internship Projects and Mentors
To: <hyperledger-discuss@...>, <hyperledger-tsc@...>, <ambassadors@...>, <universities@...>

Hyperledger Technical Community - Read below testimonials from former mentors. We encourage you to get involved and become a mentor for an intern this year. The deadline to submit a project proposal is Friday next week, February 22nd.

"The internship program was a great experience for my co-mentor and me. We found an intern who showed a ton of potential and was eager to learn and looking for a good first step into the real world. Though the time differences and our conflicting schedules presented us with some challenges, the end result really made everything worth it. Our intern was successful in completing her project, we got a new feature added to the fabric chaincode evm, and our intern left with skills that could help her throughout her career. The internship is a great way to bring some fresh eyes into our community but also an opportunity for those already in it to find ways to make it better."
- Swetha Repakula, IBM, 2018 Mentor

"As a mentor, I find it's a wonderful experience to help the intern students to get involved into the open source projects, where they show lots of passions and self-motivations. Universities are the birthplace of open source, and it's always a great honor to help these fledgling blockchain researchers & engineers."
- Baohua Yang, Oracle, 2017 and 2018 Mentor
On Mon, Jan 28, 2019 at 10:59 AM Min Yu <myu@...> wrote:
14 February, 2019 TSC meeting minutes
Dave Huseby <dhuseby@...>
Hi Everyone, The meeting minutes as well as the recordings of the TSC meeting on 14 February are now posted here: Cheers! Dave
Re: Agenda for TSC Valentines Day meeting is live
mark wagner <mwagner@...>
I am unable to attend the meeting today. -mark
On Wed, Feb 13, 2019 at 1:32 PM Silona Bonewald <sbonewald@...> wrote:
-- Mark Wagner Senior Principal Software Engineer
2019 Q1 Perf and Scale WG update
mark wagner <mwagner@...>
Distinguished Colleagues
I have published the 2019 Q1 PSWG update here https://wiki.hyperledger.org/display/HYP/2019+Q1+Performance+and+Scale+WG
I apologize for the tardiness in getting this out.
Respectfully
--
Mark Wagner
Chair, Performance and Scale Working Group
Hyperledger
Re: [confluence] Hyperledger > Performance and Scale WG
Silona Bonewald <sbonewald@...>
Notice the Performance and Scale's TSC update page is up. TSC members please review and check your name off before the meeting on Thursday morning. Thank you, Silona
On Wed, Feb 13, 2019 at 1:04 PM Mark Wagner (Confluence) <noreply@...> wrote:
--
Agenda for TSC Valentines Day meeting is live
Silona Bonewald <sbonewald@...>
Please feel free to add inline comments. Don't need to click "edit". Simply highlight and wait a second and a comment button will occur. Cheers, Silona --
[confluence] Hyperledger > 2019 Q1 Hyperledger Burrow
Silona Bonewald <sbonewald@...>
Hello TSC Members, The Burrow Update is live on the wiki - please read and check your name off before the meeting. Thank you, Silona
--