Re: clarification on "security" & "security-services" labels in EdgeX-Go project.


Jim White
 

+1; security is too vague and is liable to return us to the same issue.  security_audit or break it up even more (security_cve, security_patch, etc.)
j


On Mon, 23 Sep 2019 at 18:14, Gregg, James R <james.r.gregg@...> wrote:

+1 to Trevor’s suggestion for differentiating the labels.  “security_audit” is more descriptive.

 

~ James Gregg

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Trevor.Conn@...
Sent: Monday, September 23, 2019 8:56 AM
To: Tingyu.Zeng@...; EdgeX-TSC-Security@...
Subject: Re: [Edgex-tsc-security] clarification on "security" & "security-services" labels in EdgeX-Go project.

 

Maybe “security” should be “security_audit” then?

 

Trevor

 

From: EdgeX-TSC-Security@... <EdgeX-TSC-Security@...> On Behalf Of Zeng, Tingyu
Sent: Monday, September 23, 2019 10:46 AM
To: EdgeX-TSC-Security@...
Subject: [Edgex-tsc-security] clarification on "security" & "security-services" labels in EdgeX-Go project.

 

[EXTERNAL EMAIL]

Hello,

 

It was brought out and  discussed during our weekly security working group meeting last week that how we define and use ”security” and “security-services” label when evaluating the incoming issues. For clarification here is the basic idea when we apply the labels:

 

  1. When the issue is related to general security topics, such as CVE vulnerabilities,  security patches etc., we will label the issue as “security”
  2. When the issue is related to the security components in EdgeX such as security-secrete-setup/security-proxy-setup etc., we will able the issue as “security-services”.

 

 

Hope it help.

 

 

Thanks

Tingyu

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.