From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id iArlIzcyVmU8iAAAG6o9tA:P1 (envelope-from ) for ; Thu, 16 Nov 2023 16:16:07 +0100 Received: from aspmx1.migadu.com ([2001:41d0:303:e224::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id iArlIzcyVmU8iAAAG6o9tA (envelope-from ) for ; Thu, 16 Nov 2023 16:16:07 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 73969320C3 for ; Thu, 16 Nov 2023 16:16:07 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1700147767; a=rsa-sha256; cv=none; b=JQFz2FRR5+lnACXCnduiHi9XSWZQ9c5lCsln4NQzZuDFYJNnUBE/xuzvtuVutY5CT8ixRm nxIA3DUwtJmEN3yXqCJBJgN6NlL/4RfZf0pXxP15k5HWYz3soPUgJKaUX81iFGRTg05WFp Una5gVNRVRwU/YBKW4Q2T1SOrknJLdzTjqa7sPup8SueR/+9jyv5roDlUtXaShiMqbZASm epi7okDJ8zoIuuYYP29ieUYoqqn9+EP7DA3ZCSfav1vZycWMc1KxxSak8WiIX895ZVtxYO q4jMk3V97iDMC/1FVeLfAU3AM50tCC8Z7WOKNfMXGEipHheSqOmoxn9D92Seig== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1700147767; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=sIF5K+Djua0YoAomoEUrLpPpxlGWBGOs1CM1I7Xzn/Y=; b=hpqFlrR97vc3Su/4DXlmxdI4NiRWnu8JKgN3qark2AAeamRgIJI00JKBgcyZQ+mmhIKsHZ +aUyY4bDZdSHB+PawV8yUnIZcLeN/7FS6cxvlGpRL6bicBOAFakkM9lN+711XvGzUSHuuE 4PEqIhbdZHsxO4FgO888EQUu/5lXn0T9olZI83JFiZjNpp/2uYmEbGOOnbxkQQmVZNZwsc wPOHIB9LUKXebkSYItKHJBJ8p9AR/U5qCwnXZTAubXGQxwT9gZG1KrWTszU2HKRSxB3Gr6 Ccrmb98ZG3p2xJWLi12LzOg6MOOuZ8R9hlIxnv466pOB9IboRpIuYroa2r19uQ== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r3e5x-0004Eg-VC; Thu, 16 Nov 2023 10:15:53 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r3e5n-00049n-Pw for guix-devel@gnu.org; Thu, 16 Nov 2023 10:15:48 -0500 Received: from hera.aquilenet.fr ([2a0c:e300::1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r3e5l-0007EY-NE; Thu, 16 Nov 2023 10:15:43 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id CE727DB7; Thu, 16 Nov 2023 16:15:35 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at hera.aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ogYHc2fiPUu; Thu, 16 Nov 2023 16:15:35 +0100 (CET) Received: from jurong (sauterelle.math.u-bordeaux1.fr [147.210.16.130]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 37D33D1A; Thu, 16 Nov 2023 16:15:35 +0100 (CET) Date: Thu, 16 Nov 2023 16:15:32 +0100 From: Andreas Enge To: Ludovic =?iso-8859-15?Q?Court=E8s?= Cc: John Kehayias , Guix Devel , guix-maintainers@gnu.org Subject: Re: Upgrading Guix's security team Message-ID: References: <87cyxt9iwm.fsf@protonmail.com> <8734x5ydzh.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <8734x5ydzh.fsf@gnu.org> Received-SPF: pass client-ip=2a0c:e300::1; envelope-from=andreas@enge.fr; helo=hera.aquilenet.fr X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: guix-devel-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Queue-Id: 73969320C3 X-Migadu-Scanner: mx12.migadu.com X-Migadu-Spam-Score: -2.59 X-Spam-Score: -2.59 X-TUID: KRPASZsAlC2s Hello, Am Thu, Nov 16, 2023 at 03:22:42PM +0100 schrieb Ludovic Courtès: > Yes, we definitely need a rotation here! I for one have my name there > but regardless of my interest, I have to admit that I’ve been unable to > be sufficiently responsive. It’s time to let new folks take > responsibility. > I think we should make this a fixed-term position, to make it easier for > people to commit to actually being active when needed, with the > understanding that it’s not a commitment for life. all this sounds good. Maybe we should also clean up the mailing list. I am on the list, but not mentioned on the security team site, and will be happy to be removed. (My being here probably comes from a mismatch between being interested in "security" and knowing things about "crypto- graphy", and my inability to act upon concrete situations of security problems in packages.) Andreas