Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:96801
Return-Path: <anatol.php@belski.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 96112 invoked from network); 9 Nov 2016 23:43:50 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 9 Nov 2016 23:43:50 -0000
Authentication-Results: pb1.pair.com smtp.mail=anatol.php@belski.net; spf=permerror; sender-id=unknown
Authentication-Results: pb1.pair.com header.from=anatol.php@belski.net; sender-id=unknown
Received-SPF: error (pb1.pair.com: domain belski.net from 85.214.73.107 cause and error)
X-PHP-List-Original-Sender: anatol.php@belski.net
X-Host-Fingerprint: 85.214.73.107 klapt.com  
Received: from [85.214.73.107] ([85.214.73.107:49548] helo=h1123647.serverkompetenz.net)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id F4/EB-15787-1B4B3285 for <internals@lists.php.net>; Wed, 09 Nov 2016 18:43:46 -0500
Received: by h1123647.serverkompetenz.net (Postfix, from userid 1006)
	id 0C6B8782D5F; Thu, 10 Nov 2016 00:43:43 +0100 (CET)
Received: from w530phpdev (p54A76B81.dip0.t-ipconnect.de [84.167.107.129])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by h1123647.serverkompetenz.net (Postfix) with ESMTPSA id C8731782D40;
	Thu, 10 Nov 2016 00:43:40 +0100 (CET)
To: "'Stanislav Malyshev'" <smalyshev@gmail.com>,
	"'Matteo Beccati'" <php@beccati.com>,
	"'PHP Internals'" <internals@lists.php.net>
References: <3a5408bc-b71d-920c-45e4-b9be02350b6c@gmail.com> <a697789d-701c-e8ae-9d3b-d4ba03fe6d68@beccati.com> <3214aa0e-cb6f-e90b-9d4a-7d9b6236bd6e@gmail.com>
In-Reply-To: <3214aa0e-cb6f-e90b-9d4a-7d9b6236bd6e@gmail.com>
Date: Thu, 10 Nov 2016 00:43:37 +0100
Message-ID: <025c01d23ae3$19a274b0$4ce75e10$@belski.net>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIw/dPx2uTzgX7O3dl7/zFSJ2INJgIQIvnSAg20kkqf8tZFQA==
Content-Language: en-us
Subject: RE: [PHP-DEV] Security issue handling
From: anatol.php@belski.net ("Anatol Belski")

Hi,

> -----Original Message-----
> From: Stanislav Malyshev [mailto:smalyshev@gmail.com]
> Sent: Saturday, November 5, 2016 8:13 PM
> To: Matteo Beccati <php@beccati.com>; PHP Internals
> <internals@lists.php.net>
> Subject: Re: [PHP-DEV] Security issue handling
>=20
> Hi!
>=20
> > On 24/10/2016 07:16, Stanislav Malyshev wrote:
> >> c. Get some specific people to volunteer to review patches in
> >> security repo regularly - how? Any takers?
> >
> > I'd be happy to help with reviewing and also setting up a private =
C.I.
> > to build and run the test suite regularly, if you think that's a =
good idea.
>=20
> I think it's a great idea, how could this be done? I'd be happy to run =
CI on
> security branch, it probably would remove 95% of the issues we had =
with merges.
>=20
At this point, what were our course of action? Seems there might be =
multiple tasks

- granting the willing devs security karma
- setting up a private CI
- organizing a security team

It probably would make sense, to make some plan on what is to be done, =
to come to the point.

Regards

Anatol