Archived
15
23
Fork
You've already forked meta
6

security team: Ryuno-Ki is not available at the moment #96

Closed
Ghost wants to merge 1 commit from wip-security into readme
pull from: wip-security
merge into: forgejo:readme
forgejo:readme

@Ryuno-Ki since you're currently busy, I propose that you temporarily step down from the security team. This is a demanding position where members are expected to respond quickly.

Is that ok with you? This is a newly formed team and the process is still fresh, feel free to disagree!

@Ryuno-Ki since you're currently busy, I propose that you temporarily step down from the security team. This is a demanding position where members are expected to respond quickly. Is that ok with you? This is a newly formed team and the process is still fresh, feel free to disagree!
Contributor
Copy link

I disagree.

You see, we have vacation here. I set up my business this week.

If the expectation is that I have to prioritise Forgejo (an honorary office right now) higher than my family life or means to earn a living, than I have to step down.

That being said, I was responsive to direct messages (e.g. @circlebuilder contacted me). I told you on Mastodon, that I was unable to decrypt your emails. I could read encrypted mails from other senders.

If you feel an urgent need to reach me, you can now reach me by phone. Find the number at https://jaenis.ch/imprint/ (available since this week).

I admit that I did not look into Matrix channels since a few weeks. It's on my agenda for next week once the kids are back to school resp. kindergarten. I feel like I would serve the community better if I could focus on conversations instead of having them run on the side.

What are your expectations?

I disagree. You see, we have vacation here. I set up my business this week. If the expectation is that I have to prioritise Forgejo (an honorary office right now) higher than my family life or means to earn a living, than I have to step down. That being said, I was responsive to direct messages (e.g. @circlebuilder contacted me). I told you on Mastodon, that I was unable to decrypt your emails. I could read encrypted mails from other senders. If you feel an urgent need to reach me, you can now reach me by phone. Find the number at https://jaenis.ch/imprint/ (available since this week). I admit that I did not look into Matrix channels since a few weeks. It's on my agenda for next week once the kids are back to school resp. kindergarten. I feel like I would serve the community better if I could focus on conversations instead of having them run on the side. What are your expectations?

When it comes to security (and only to security), there are high expectations because Forgejo users rely on the security team to react on a timely manner.

I edited the title of the issue to clarify this is only related to the security team.

When it comes to security (and only to security), there are high expectations because Forgejo users rely on the security team to react on a timely manner. I edited the title of the issue to clarify this is only related to the security team.
Ghost changed title from (削除) Ryuno-Ki is not available at the moment (削除ここまで) to security team: Ryuno-Ki is not available at the moment 2023年01月07日 09:51:56 +01:00
Member
Copy link

@Ryuno-Ki I'm very happy to see you're still around; I had also (perhaps unfairly) assumed that time constraints or other reasons had caused you to move away from Forgejo. But of course, like all (well, most) of us you are a volunteer and free to make your own schedule; absolutely no commitment is asked of any of us (except perhaps, as @dachary says, in the case of the security team). So just knowing that you're still around is great to know.

In the particular case of the security team, I guess expectations are different – though it seems from what you say that you are in fact available to respond quickly if needed for that kind of thing? I'm not on the security team, but I'd also assume that having at least some members with high availability is enough; maybe not every member needs to be always able to respond quickly? That's a matter for @forgejo/Security to debate I guess.

Either way, until we have some kind of elections I guess this kind of thing is "self-certified" – if you feel you are able to offer what is necessary to be a part of the team, that's good enough for me.

@Ryuno-Ki I'm very happy to see you're still around; I had also (perhaps unfairly) assumed that time constraints or other reasons had caused you to move away from Forgejo. But of course, like all (well, most) of us you are a volunteer and free to make your own schedule; absolutely no commitment is asked of any of us (except perhaps, as @dachary says, in the case of the security team). So just knowing that you're still around is great to know. In the particular case of the security team, I guess expectations are different – though it seems from what you say that you are in fact available to respond quickly if needed for that kind of thing? I'm not on the security team, but I'd also assume that having *at least some* members with high availability is enough; maybe not every member needs to be always able to respond quickly? That's a matter for @forgejo/Security to debate I guess. Either way, until we have some kind of elections I guess this kind of thing is "self-certified" – if you feel you are able to offer what is necessary to be a part of the team, that's good enough for me.
Contributor
Copy link

@dachary Allow me to ask again: What are your expectations?

#37 did not mention any response time.
A reaction within 24 hours appears to be well within reasonable bounds to me. If you would like to have a faster response, hire staff. Keep in mind that the team here is very Europe-centric.

I'm disappointed that noone tried to reach out to me via DM before moving forward here.

@caesar Yes, I'm up and running. It's not unheard of me to go silent without prior notice in Open Source projects, though. My way to cope with information overload. I'm sorry if this raised a bad impression. I can not afford to have delays in the work related projects, because I have a family to feed.

Can you point me to the commitment that is expected from the security team? I must have missed the communication somehow.

@dachary Allow me to ask again: What are your expectations? https://codeberg.org/forgejo/meta/issues/37 did not mention any response time. A reaction within 24 hours appears to be well within reasonable bounds to me. If you would like to have a faster response, hire staff. Keep in mind that the team here is very Europe-centric. I'm disappointed that noone tried to reach out to me via DM before moving forward here. @caesar Yes, I'm up and running. It's not unheard of me to go silent without prior notice in Open Source projects, though. My way to cope with information overload. I'm sorry if this raised a bad impression. I can not afford to have delays in the work related projects, because I have a family to feed. Can you point me to the commitment that is expected from the security team? I must have missed the communication somehow.

@Ryuno-Ki I realize that this pull request has upset you and I apologize for that. Let me close it so that we can discuss how the security team is organized in a more relaxed context.

@Ryuno-Ki I realize that this pull request has upset you and I apologize for that. Let me close it so that we can discuss how the security team is organized in a more relaxed context.
Ghost closed this pull request 2023年01月07日 13:19:22 +01:00
Ghost deleted branch wip-security 2023年01月07日 13:23:15 +01:00

Allow me to ask again: What are your expectations?

They are not defined at the moment.

> Allow me to ask again: What are your expectations? They are not defined at the moment.
Commenting is not possible because the repository is archived.
No reviewers
Labels
Clear labels
[Decision] Building proposal(s)
We're in a decision-making process, buiding one or more proposals to address the shared aim based on the criteria
[Decision] Gathering criteria
We're in a decision-making process, gathering criteria, considerations and needs
[Decision] Integrating concerns
We're in a decision-making process, working with a proposal, trying to integrate concerns and create modifications/support such that the proposal works for everyone
Accessibility
Relates to Accessibility (a11y) of product, project and process.
Agreement proposal
Forgejo agreement proposal, following a discussion
Communication
Relates to all channels, social media, website, blog posts.
Election
Process of appointing a person into a role or team (if choosing people just for a specific one-time task, use the Entrustment label)
Entrustment
Process of choosing/approving specific people to do a critical/high-impact one-time task (if choosing people for an ongoing role/team, use the Election label)
Governance
Relates to processes, procedures and decision-making.
Meeting
An upcoming team meeting
User research - Accessibility
Requires input about accessibility features, likely involves user testing.
User research - Blocked
Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.
User research - Community
Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.
User research - Config (instance)
Instance-wide configuration, authentication and other admin-only needs.
User research - Errors
How to deal with errors in the application and write helpful error messages.
User research - Filters
How filter and search is being worked with.
User research - Future backlog
The issue might be inspiring for future design work.
User research - Git workflow
AGit, fork-based and new Git workflow, PR creation etc
User research - Labels
Active research about Labels
User research - Moderation
Moderation Featuers for Admins are undergoing active User Research
User research - Needs input
Use this label to let the User Research team know their input is requested.
User research - Notifications/Dashboard
Research on how users should know what to do next.
User research - Rendering
Text rendering, markup languages etc
User research - Repo creation
Active research about the New Repo dialog.
User research - Repo units
The repo sections, disabling them and the "Add more" button.
User research - Security
User research - Settings (in-app)
How to structure in-app settings in the future?
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/meta!96
Reference in a new issue
forgejo/meta
No description provided.
Delete branch "wip-security"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?