Ports Secteam
Mark Felder
feld at FreeBSD.org
Wed Jun 10 05:30:33 UTC 2015

On Mon, Jun 8, 2015, at 18:31, Xin Li wrote:
>
> On 06/08/15 14:37, Robert Simmons wrote:
> > I'm sure that the reason these questions have not been answered is
> > simply because they may have gotten lost in the volume of traffic
> > on freebsd-ports. In the following thread, there are a number of
> > folks with enough passion to volunteer time to help with the Ports
> > Secteam, but we're having difficulty getting a few basic questions
> > answered.
> > https://lists.freebsd.org/pipermail/freebsd-ports/2015-May/099268.html
> >
> > Here are the basic questions:
> >
> > Who are the members of the Ports Secteam?
>
> Current members include the current security officers (who act as a
> fallback when needed and a contact for liaison for sensitive and
> embargoed information) and:
>
> Eitan Adler (eadler@);
> Jason Helfman (jgh@);
> Martin Wilke (miwi@);
> Eygene Ryabinkin (rea@);
> Sofian Brabez (sbz@);
> Simon L. B. Nielsen (simon@, clusteradm@ liaison);
> Steve Wills (swills@);
> Wesley Shields (wxs@);
> Ryan Steinmetz (zi@);
>
> > How does one join the Ports Secteam?
>
> Per previous discussion with portmgr@, members are volunteers selected
> by the Security Officer from active ports committers who have made
> commits in the ports tree in the last 90 days.
>

miwi stepped down 7 months ago. His name on this list is a huge red flag
that there is a lack of care and feeding for this team. As long as my
script isn't broken, here are the number of commits from March 1st
through June 1st by each committer in that list:

eadler: 6
jgh: 49
miwi: 0
rea: 5
sbz: 2
simon: 0
swills: 117
wxs: 1
zi: 64

There's an obvious lack of activity in that list and I would expect
participation in ports-secteam duties to be closely monitored and have
members rotated out if they take time away. My participation in the
ports tree has been rather sporadic lately, but the script I used
indicates I've 85 commits in that time period. However, I'm not sure
"number of commits" is necessarily a valuable metric when considering
candidates...

How do we make the ports-secteam effective again? Team members?
Infrastructure? New documentation and procedures?