Commit aff4d47

Merge pull request #53 from jupyter/notes-2023-01-03
Notes from last week's meeting (Jan 3 2023)
2 parents f66b44e + 7c433a6 commit aff4d47

2 files changed

+32
-0
lines changed

meetings/2023-01-03.md

Lines changed: 31 additions & 0 deletions
@@ -0,0 +1,31 @@
1+
# Jupyter Security Bi-weekly Meeting
2+
3+
## January 3, 2023
4+
5+
| Name | affiliation| username |
6+
| -------------------| -----------| -----------------|
7+
| Jason Weill | AWS | @JasonWeill |
8+
| Matthias Bussonnier| Quansight | @carreau |
9+
| Rollin Thomas | NERSC | @rcthomas |
10+
| Sritej Attaluri | Bloomberg | @attaluris |
11+
| Rick Wagner | UCSD | @rpwagner |
12+
| Jason Grout | Databricks | @jasongrout |
13+
14+
Note: Jason still works at AWS, but per corporate social media policy, I changed my GitHub username to not have `aws` in it anymore
15+
16+
17+
- Vulnerability reporting
18+
- We've turned on public reporting of vulnerabilities in IPython and [Jupyter Security](https://github.com/jupyter/security/security/advisories/new)
19+
- Workflow is: person submits a report, an admin accepts the report and creates a "draft"
20+
- Reports are per-repo. It doesn't seem like there is a way to consolidate at the org level
21+
- It appears that only admin permissions can see the draft vuln reports
22+
- How to track reports?
23+
- We can have a single place where reports are done, so the security team can track it and open appropriate reports in subprojects
24+
- We can have a per-repo or per-subproject place to report, with a reporting structure in place between projects to track vulnerabilities
25+
- This process decision should be made at the SSC level in cooperation with other subprojects
26+
- Even if we have per-subproject reporting, we can have a catch-all reporting place in jupyter/security
27+
- SSC formation
28+
- SSC reps are known at this point, and needs to self-organize at this point
29+
- EC meetings are on Monday. Perhaps the SSC members can be invited so we can all discuss how to launch these councils
30+
- https://deploy-preview-712--jupyter-github-io.netlify.app/ - preview of website update listing the SSC in the About page
31+
-
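
Review bot: Lines 20-21 record the advisory permissions as guesses ("It doesn't seem like there is a way to consolidate at the org level", "It appears that only admin permissions can see the draft vuln reports"); since this decides who can actually triage an incoming report, confirm both before merging or mark them as open questions with an owner. The "How to track reports?" options on lines 22-26 likewise end by deferring to the SSC without naming who carries the question there. Smaller points: SSC and EC are never expanded (lines 25-29), the note on line 14 switches from "Jason" to "I" mid-sentence, line 28 reads "SSC reps ... needs to self-organize", and line 31 is an empty `-` bullet that should be dropped.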

meetings/README.md

Lines changed: 1 addition & 0 deletions
@@ -17,6 +17,7 @@ What this meeting is about:
1717

1818
## Meeting Minutes
1919

20+
* [2023-01-03](2023-01-03.md)
2021
* [2022-12-06](2022-12-06.md)
2122
* [2022-10-11](2022-10-11.md)
2223
* [2022-09-27](2022-09-27.md)
