Hi all!
Although the last call is only a few days behind us, I’d like to roughly sketch out a plan for the next time - esp. the latter, since everything is still fresh!
First off, thanks again, it was awesome & very much productive!
- Date: 2024-05-16T18:00:00Z (See Poll: Regular COMSEC meetings)
Since more people have shown interest to join the call(s) and/or the committee, having a chat & getting to know each other, like last time, would be great I think!
Having pondered (and talked with @dfh shortly) about it, some things I’d like to put on the agenda:
- Security “Roadmap”, tracking ideas and tasks - where/how?
- Now that we are a committee, what does that mean to us for the future?
- What decisions changed in Aux generally that might impact us? (e.g.
- What was achieved so far as part of the committee?
- Security contact possibilities, e.g. security.txt, email, etc.
- Custom infra/tooling for COMSEC - as COMSEC works differently than most other COMs/SIGs, this will definitely be needed at some point
- Internal/non-public communication channels will be needed too, for potentially sensitive matters
- Establishing a “trusted” core, handling sensitive matters
- Brainstorming: Auxolotl's security story
I’d especially like to stay on top of these few things listed above, as these are IMHO important to get right from the get-go. If there are more ideas, please feel free to comment!
Some of the awesome ideas from last time that could be discussed as time & motivation permits, in particular with possible input from all the new participants:
- SELinux/LMS support & challenges
- Secure Boot & its challenges
- Integrated secrets management (à la sops-nix, maybe also agenix-shell?)
- aux audit command à la glsa-check and similar (in coordination with CLI-SIG probably?)
Cheers,
Christoph