Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:96804 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 9449 invoked from network); 10 Nov 2016 02:59:28 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 10 Nov 2016 02:59:28 -0000 Authentication-Results: pb1.pair.com header.from=kalle.php@gmail.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=kalle.php@gmail.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.50 as permitted sender) X-PHP-List-Original-Sender: kalle.php@gmail.com X-Host-Fingerprint: 209.85.214.50 mail-it0-f50.google.com Received: from [209.85.214.50] ([209.85.214.50:37744] helo=mail-it0-f50.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 23/4D-15787-B82E3285 for ; Wed, 09 Nov 2016 21:59:27 -0500 Received: by mail-it0-f50.google.com with SMTP id u205so9022254itc.0 for ; Wed, 09 Nov 2016 18:59:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=NLCR91IUWO9wLISnBuh2sDzKvZeUtDlRRLQlkf3fxlA=; b=IaZTl0iSO32k4DcOvPZoM9VohEjg8JW0Cdk/8HTffjiCna1ryML+xXlhyKrzNiB7oA a1j0BcPjS2INNExKnxyx8l/kDe/aLvFJ7aEDoNQh3b7KPSL+amDxKFBabP98Ldl8LAZD fxqSp3Ba19T0VaqPmgICgOK3I7FwQQRg0g/S0vJ5pFLwIQUiEVpr9cFTQDhi9O79ThoS 3dm1CGxknl3U6po/kAoQHWGyQRZauaIkAYZx/DjJTlj8WGA+6tymPh8rzIhgUW6JQXzc jz76M7BNgwETyJuu4rym47I3XgcvuyaUbjmxiU5pa3f7Tvgpha32yiUEjCi9PrzDL/d4 9zeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=NLCR91IUWO9wLISnBuh2sDzKvZeUtDlRRLQlkf3fxlA=; b=in8yH+0MjNM2difs8oYJjsrhzQndFI0LL8AGXlBvh/NtAGqw53KZUdFufsNZbZmz/F hxIPzylGmEbrIA7EkFyQb2abEP6+IRNHkZ7qJ6H4LObAwTmgqFtoDIx4T0vaJNG8z0xG kumfxFqbrtt+Iq216A/T0YzWQK3M7SxSXnmR7zj2doHV8dSUY05s0/D/NIG8mbZxh4PH ffnpcLtrXKjTNqF/UYcTdmaKEfRR0ydrH0v3pppdxuqPfswGRanaos57m+xZ3V0Tq6Vz RGxOY8IGu/s9TUzfozW9eQN/FlOLf7zp43k7vapK3l7tohSzYGgHFcwyC9Zpbppqgyxk pFww== X-Gm-Message-State: ABUngvcuUQGbtqnt8Kelv7Px9SuSy3iX4LblZxhL6rA35V25tdhSX3YJ1myBnW5iJIZSRyrlYdCiTCDKXwe6Cg== X-Received: by 10.107.19.22 with SMTP id b22mr3540275ioj.236.1478746760547; Wed, 09 Nov 2016 18:59:20 -0800 (PST) MIME-Version: 1.0 Sender: kalle.php@gmail.com Received: by 10.107.138.234 with HTTP; Wed, 9 Nov 2016 18:59:20 -0800 (PST) In-Reply-To: <025c01d23ae3$19a274b0$4ce75e10$@belski.net> References: <3a5408bc-b71d-920c-45e4-b9be02350b6c@gmail.com> <3214aa0e-cb6f-e90b-9d4a-7d9b6236bd6e@gmail.com> <025c01d23ae3$19a274b0$4ce75e10$@belski.net> Date: Thu, 10 Nov 2016 03:59:20 +0100 X-Google-Sender-Auth: rwaBOTuVlXest8UWZr2YAa-e6e4 Message-ID: To: Anatol Belski Cc: Stanislav Malyshev , Matteo Beccati , PHP Internals Content-Type: text/plain; charset=UTF-8 Subject: Re: [PHP-DEV] Security issue handling From: kalle@php.net (Kalle Sommer Nielsen) 2016-11-10 0:43 GMT+01:00 Anatol Belski : > At this point, what were our course of action? Seems there might be multiple tasks > > - granting the willing devs security karma > - setting up a private CI > - organizing a security team > > It probably would make sense, to make some plan on what is to be done, to come to the point. > I'm also interested in this, it seems that we should add people to the security ML, bugsweb (I can handle that part) and setup that private CI and once everyone is on the security ML, mail out a link to the private CI from there. -- regards, Kalle Sommer Nielsen kalle@php.net