opensearch-project / .github

Provides templates and resources for other OpenSearch project repositories.
Apache License 2.0

Transfer security processes to the OpenSearch Software Foundation #219

Open dblock opened 1 month ago

dblock commented 1 month ago

What/Why

What are you proposing?

Currently, security mailing lists and processes are administered with help from Amazon. For example, in https://github.com/opensearch-project/.github/blob/main/RESPONSIBILITIES.md#prioritize-security we say "Note that this repository is monitored and supported 24/7 by Amazon Security, see Reporting a Vulnerability for details." and the security @ mailing list is managed by AWS.

  1. Transfer all security processes and mailing lists to the OpenSearch Software Foundation.
  2. Expand the security team to folks from other organizations.

What users have asked for this feature?

Since https://www.linuxfoundation.org/press/linux-foundation-announces-opensearch-software-foundation-to-foster-open-collaboration-in-search-and-analytics.

What problems are you trying to solve?

Security should be managed by a trusted and diverse community.

varun-lodaya commented 1 month ago

I will take this up and start the work.

varun-lodaya commented 1 month ago

PR - https://github.com/opensearch-project/.github/pull/223. Addresses the first issue, will add subsequent PRs separately.

varun-lodaya commented 2 weeks ago

Adding more maintainers to form core Security Response Team - https://github.com/opensearch-project/.github/pull/232