[Hyperledger Project TSC] Fwd: Core Infrastructure Initiative - Security Badge


Brian Behlendorf <bbehlendorf@...>
 

This apparently was received truncated by some, though the archives have it in full, so resending now just in case others did not get the full message.

Brian



From: Brian Behlendorf <bbehlendorf@...>
Sent: December 1, 2016 11:57:58 PM GMT+02:00
To: "'hyperledger-tsc@...'" <hyperledger-tsc@...>
Subject: Core Infrastructure Initiative - Security Badge

As mentioned on today's call, as a way to telegraph publicly our community's commitment to secure coding practices, we may want to consider adopting the Core Infrastructure Initiative's Badge Program for the entirety of Hyperledger, for all projects that have graduated from the incubator.  The badge program is described here:

https://www.coreinfrastructure.org/programs/badge-program

and the criteria are documented here:


-- 
Brian Behlendorf
Executive Director, Hyperledger
bbehlendorf@...
Twitter: @brianbehlendorf

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Ash <ash@...>
 

Hi Brian, Chris, et al,

I'm still new to the Hyperledger community, but would like to help with CII Badging. I was part of the core team in OPNFV and am currently implementing the scanning into our CI pipeline. Also working with 3rd parties, who aren't CII Badged, on their scanning, etc.

Best,

Ash

On Thu, Dec 1, 2016 at 8:01 PM, Brian Behlendorf via hyperledger-tsc <hyperledger-tsc@...> wrote:
_______________________________________________
hyperledger-tsc mailing list
hyperledger-tsc@lists.hyperledger.org
https://lists.hyperledger.org/mailman/listinfo/hyperledger-tsc



Christopher Ferris <chris.ferris@...>
 

Ash,

This is awesome! Thanks for the offer to help. I was exploring getting scanning integrated into CI, myself. We do this internally but one of the things we lack is static analysis of Go, as our toolset doesn't cover Go.

I reviewed the badging criteria and at least from a process perspective, think we are in pretty good shape. I have someone looking at the crypto-specific criteria because we have quite a bit. I fully expect that we'll need some remediation ;-)

Aside from static scanning, were there any other changes that OpenNFV made to their CI? 

Chris

On Fri, Dec 16, 2016 at 10:35 AM, Ash <ash@...> wrote:




Ash <ash@...>
 

We've been doing static and we want to gate our gerrit check-ins, pending a scan. We're kinda taking a stepping stone approach, currently. You can see here where we are hashing out our thought process.  

So, this is in process for our Danube release, which is scheduled for early May. 

On Fri, Dec 16, 2016 at 8:27 AM, Christopher Ferris <chris.ferris@...> wrote:
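Added example, not code from OPNFV, Hyperledger or anyone in this thread: a POSIX shell gate of the kind Ash describes, deciding from a static-analysis report whether a check-in may proceed. It also shows the "stepping stone" piece a team needs on day one: a baseline file of already-triaged findings so that pre-existing issues do not block every change while remediation is under way. The scanner output format (one tab-separated finding per line), the severity names, the rule names, the file paths and the baseline file are all assumptions; the sample report is constructed.

```shell
#!/bin/sh
# Added example (hypothetical; not OPNFV's or Hyperledger's CI code).
# Assumed scanner output, one finding per line:
#   SEVERITY<TAB>RULE<TAB>FILE:LINE<TAB>MESSAGE
# Assumed baseline file, one accepted finding per line:
#   RULE<TAB>FILE:LINE

# Rank a severity word so it can be compared against a threshold.
# Unknown words rank 0, which gate_report rejects as a threshold.
sev_rank() {
    case "$1" in
        HIGH)   echo 3 ;;
        MEDIUM) echo 2 ;;
        LOW)    echo 1 ;;
        *)      echo 0 ;;
    esac
}

# gate_report REPORT BASELINE THRESHOLD
# Prints every finding with its disposition; returns 0 if the change may
# proceed, 1 if a non-baselined finding at or above THRESHOLD blocks it,
# 2 if THRESHOLD is not a known severity.
gate_report() {
    report=$1; baseline=$2; threshold=$(sev_rank "$3")
    if [ "$threshold" -eq 0 ]; then
        echo "gate_report: unknown severity threshold '$3'" >&2
        return 2
    fi
    blocked=0
    while IFS="$(printf '\t')" read -r sev rule loc msg; do
        [ -z "$sev" ] && continue
        # A finding triaged into the baseline is reported but never blocks.
        key=$(printf '%s\t%s' "$rule" "$loc")
        if grep -qxF -- "$key" "$baseline" 2>/dev/null; then
            printf 'baseline  %s %s %s\n' "$sev" "$rule" "$loc"
            continue
        fi
        if [ "$(sev_rank "$sev")" -ge "$threshold" ]; then
            printf 'BLOCKING  %s %s %s: %s\n' "$sev" "$rule" "$loc" "$msg"
            blocked=1
        else
            printf 'info      %s %s %s\n' "$sev" "$rule" "$loc"
        fi
    done < "$report"
    return $blocked
}

# Constructed sample report and baseline, written into DIR so the example
# runs offline. Rule names and paths are illustrative only.
write_samples() {
    dir=$1
    printf 'HIGH\thardcoded-credential\tpkg/ca/keys.go:42\tcredential literal in source\n' >  "$dir/report.tsv"
    printf 'MEDIUM\tunchecked-error\tpkg/ledger/store.go:88\terror return value ignored\n'  >> "$dir/report.tsv"
    printf 'LOW\ttainted-path\tcmd/peer/main.go:17\tfile path built from a variable\n'     >> "$dir/report.tsv"
    printf 'HIGH\tweak-hash\tpkg/crypto/hash.go:9\tweak hash function in use\n'            >> "$dir/report.tsv"
    # The weak-hash finding was triaged earlier and accepted into the baseline.
    printf 'weak-hash\tpkg/crypto/hash.go:9\n' > "$dir/baseline.tsv"
}

# run_example [THRESHOLD]: gate the sample at THRESHOLD (default MEDIUM).
# With the sample data the hardcoded credential blocks at any threshold,
# the baselined weak hash never does, and the LOW finding is informational.
run_example() {
    tmp=$(mktemp -d)
    write_samples "$tmp"
    gate_report "$tmp/report.tsv" "$tmp/baseline.tsv" "${1:-MEDIUM}"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# Usage in a CI job step:  . ./gate.sh && run_example MEDIUM   (exit status 1 here)
```

In a real pipeline the report would come from the project's scanner rather than from write_samples, and the baseline would live in the repository so that accepting a finding is itself a reviewed change; lowering the threshold release by release is how the gate tightens without blocking all check-ins at once.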