opendevreview | OpenStack Proposal Bot proposed openstack/openstack-manuals master: Imported Translations from Zanata https://review.opendev.org/c/openstack/openstack-manuals/+/916376 | 04:51 |
---|---|---|
dougszu | Is there any formal advice on security considerations when considering whether to grant someone core reviewer privileges? Does OpenStack have a policy on admitting people from groups on the UN terror list etc? In the light of the xz fiasco, should there be a formal security policy for vetting core reviewers? | 15:39 |
frickler | tc-members: ^^ this is an interesting question to discuss. in my understanding, https://openinfra.dev/legal/code-of-conduct/ says "treat everyone the same", so explicitly disallows excluding people based on whatever criteria | 16:16 |
opendevreview | Merged openstack/openstack-manuals master: Review CentOS/RHEL packages instructions https://review.opendev.org/c/openstack/openstack-manuals/+/913332 | 16:23 |
dougszu | Thanks frickler, I can raise the question on the mailing list. | 16:44 |
gmann | yeah, we should treat everyone the same when we say 'contributing'. Trust and knowledge base of source code judged by the project team is what we follow in OpenStack and not any other criteria. | 16:54 |
fungi | just my opinion, but since faking your identity (on the internet or in real life) is already trivial, why would someone try to sneak in under an identity on an international terrorist watchlist? | 20:07 |
JayF | fungi: I sorta mentally translated that question to sanctioned individuals; for instance, I've worked at companies where I was forbidden by the legal dept from collaborating with individuals who worked for sanctioned companies. | 20:09 |
fungi | known software backdoors have mostly been inserted into commercial software products by people on government payrolls, so they have the easiest access to falsified paperwork anyway | 20:09 |
opendevreview | Jay Faulkner proposed openstack/governance master: Goal: Remove eventlet requirements from shared libraries https://review.opendev.org/c/openstack/governance/+/916546 | 21:38 |
spotz[m] | I believe you'd need to look at the ICLA and Foundation membership for those answers, dougszu. The CoC is basically about how you treat people in interactions. I'll bring it up with others though | 23:10 |