I'm supposed to help write a blog post on this at some point, but I
wanted to follow Tyler's comment and say that from my perspective, and
a few other people in the WMF, I'd like to see several more volunteers
in the security process. We need more people doing design reviews,
secure code reviews, fixing security bugs, etc.
I think it's mostly been an organic process in the past, but I'd like
to be more intentional and systematic about getting contributors
trained and get them access to things like the security bugs in
bugzilla, so we can have more eyes on the issues and make sure new
features support the direction we're headed for security. If you have
+2 on core, and have reported or fixed some security bugs, I'll
probably be reaching out to you over the summer to see if you're
interested in getting more involved. But if anyone else is interested,
feel free to get in touch with me and I'll make sure you're included
on that list.
On Sat, Jun 22, 2013 at 9:52 PM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:
I'd also like to know this information. Being a
Bugzilla admin and helping
out with the bug workflow and security issues and whatnot has always been
something I've wanted to do. But if the WMF is trying to consolidate for
some reason...
*-- *
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com