2024-05-16 COM-SEC Call

Hi all!

Although the last call is only a few days behind us, I’d like to roughly sketch out a plan for the next time - esp. the latter, since everything is still fresh!

First off, thanks again, it was awesome & very much productive!

Since more people have shown interest in joining the call(s) and/or the committee, having a chat & getting to know each other, like last time, would be great I think!

Having pondered (and talked with @dfh shortly) about it, some things I’d like to put on the agenda:

  • Security “Roadmap”, tracking ideas and tasks - where/how?
  • Now that we are a committee, what does that mean to us for the future?
    • What decisions changed in Aux generally that might impact us? (e.g.
  • What was achieved so far as part of the committee?
  • Security contact possibilities, e.g. security.txt, email, etc.
  • Custom infra/tooling for COMSEC - as COMSEC works differently than most other COMs/SIGs, this will definitely be needed at some point
    • Internal/non-public communication channels will be needed too, for potentially sensitive matters
  • Establishing a “trusted” core, handling sensitive matters
  • Brainstorming: Auxolotl's security story

I’d especially like to stay on top of these few things listed above, as these are IMHO important to get right from the get-go. If there are more ideas, please feel free to comment!

Some of the awesome ideas from last time that could be discussed as time & motivation permits, in particular with possible input from all the new participants:

  • SELinux/LMS support & challenges
  • Secure Boot & its challenges
  • Integrated secrets management (à la sops-nix, maybe also agenix-shell?)
  • aux audit command à la glsa-check and similar (in coordination with CLI-SIG probably?)



Thanks for the agenda, highly appreciated :pray:

