Stream: rfc-notifications

Topic: rfcs / issue #20 RFC: Vulnerability response runbook

view this post on Zulip RFC notifications bot (Feb 17 2022 at 23:42):

cfallin commented on issue #20:

On initial read, this looks really good and is quite complete!

Only thing I would add is that, if the vulnerability is in a Rust crate used by others, adding an entry to the rustsec database is a good last step, after the CVE exists and is public. An example PR is here for last year's Cranelift CVE.

view this post on Zulip RFC notifications bot (Feb 23 2022 at 09:28):

bnjbvr commented on issue #20:

(Forgot to say, sorry!) Great write-up, this definitely will streamline and structure the incident handling process!

view this post on Zulip RFC notifications bot (Feb 28 2022 at 17:21):

pchickey commented on issue #20:

@cfallin Thanks, added a RustSec database step to the final section. We haven't been consistent in publishing to that database, but there is no reason not to be.

view this post on Zulip RFC notifications bot (Aug 18 2022 at 18:53):

pchickey commented on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 18 2022 at 18:54):

fitzgen edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 18 2022 at 19:00):

cfallin edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 18 2022 at 19:40):

fitzgen edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 18 2022 at 19:58):

jameysharp edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 18 2022 at 21:32):

pchickey edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 18 2022 at 23:42):

fitzgen commented on issue #20:

As per the RFC process this RFC is entering its 10 day final comment period.

If no objections have been raised by 2022-08-28, we will merge this RFC.

view this post on Zulip RFC notifications bot (Aug 18 2022 at 23:54):

cfallin edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 19 2022 at 09:46):

bjorn3 commented on issue #20:

@tschneidereit should be listed in the Fastly section, right?

view this post on Zulip RFC notifications bot (Aug 19 2022 at 15:41):

fitzgen edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 19 2022 at 15:42):

fitzgen edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 19 2022 at 17:21):

pchickey deleted a comment on issue #20:

@tschneidereit should be listed in the Fastly section, right?

view this post on Zulip RFC notifications bot (Aug 19 2022 at 17:25):

pchickey edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 22 2022 at 08:33):

bnjbvr edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 24 2022 at 19:33):

pchickey edited a comment on issue #20:

Motion to finalize with a disposition to merge

This RFC was forgotten for a little while with one piece of unresolved feedback, which has now been resolved. We have been using it de-facto during the time it was open.

Stakeholders sign-off

This effects all Bytecode Alliance projects so I've copied the biggest stakeholder list I could find (#14) and added some new folks. I apologize if I missed anyone, I am happy to add folks.

Arm

DFINITY

Embark Studios

Fastly

Google/Envoy

Intel

Microsoft

Fermyon

Mozilla

IBM

wasmCloud

Unaffiliated

view this post on Zulip RFC notifications bot (Aug 29 2022 at 20:25):

fitzgen commented on issue #20:

The final comment period has elapsed without any objections, so I'm going to merge this!

Last updated: Nov 22 2024 at 16:03 UTC