Story
Resolution: Done
High
None
We need to address the issue where non-committers (contributors) cannot log in to nexus-iq - this causes the PTL or other committers to hand feed the contributors with CLM report content - they also cannot see the security page space.
This causes a lot of manual administrative work for the PTL.
While I understand the dual reasons why we protect clm content from non-committers - we are losing the active contributors that fall out of the access scope.
The access is currently binary - because anyone can get a non-vetted LF account - it needs to be 3 part - in order to work and accelerate clm work
Committers, contributors, the rest of LF users.
1) to abide by our license agreement
2) to not disclose our vulnerabilities beyond vetted committers
Proposal: allow for vetted contributors that can access nexus-iq and the security space. This could be done by providing a way for all contributors to be a committer on at least one project - or create a sandbox project we can vet committers to.
I should look at Microsoft Github reports - see new screencaps - but access issues will still be a problem
Gildas raised a good point - verify we are not overriding any oparent versions that already fix the dependencies
<camel-spring-boot.version>2.21.1</camel-spring-boot.version>
is one of a couple overrides of oparent
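One way to run the override check described above, as an added example that is not part of the original ticket or the project's tooling: it compares the `<properties>` of a child POM against its parent and flags properties the child pins to an older or identical version. Both POMs are constructed samples; only the `camel-spring-boot.version` value of 2.21.1 comes from the ticket, the parent values are made up, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POMs. Only the 2.21.1 camel-spring-boot override is from
# the ticket; every parent (oparent) value below is invented for illustration.
PARENT_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <camel-spring-boot.version>2.22.0</camel-spring-boot.version>
    <jackson.version>2.9.6</jackson.version>
    <guava.version>25.1-jre</guava.version>
  </properties>
</project>"""

CHILD_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <camel-spring-boot.version>2.21.1</camel-spring-boot.version>
    <jackson.version>2.9.6</jackson.version>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  </properties>
</project>"""

def properties(pom_xml):
    """Return {property name: value} from a POM's <properties> block."""
    props = ET.fromstring(pom_xml).find("m:properties", NS)
    if props is None:
        return {}
    return {el.tag.split("}", 1)[-1]: (el.text or "").strip() for el in props}

def version_key(version):
    """Numeric parts only; qualifiers such as -jre are ignored (simplification)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def find_overrides(parent_xml, child_xml):
    """List child properties that shadow a parent property, with a status."""
    parent, child = properties(parent_xml), properties(child_xml)
    findings = []
    for name in sorted(child.keys() & parent.keys()):
        p, c = parent[name], child[name]
        if version_key(c) < version_key(p):
            status = "downgrade"   # child pins an older version than the parent
        elif c == p:
            status = "redundant"   # same value, override can be dropped
        else:
            status = "override"    # newer or differently qualified, review by hand
        findings.append((name, c, p, status))
    return findings

if __name__ == "__main__":
    for name, c, p, status in find_overrides(PARENT_POM, CHILD_POM):
        print(f"{status:10} {name}: child={c} parent={p}")
```

This only compares the two `<properties>` blocks it is given; properties inherited through a longer parent chain or set in profiles need the effective POM instead.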
blocks
- TSC-17 S3P Assessment prior Casablanca RC1 (Closed)
relates to
- SECCOM-245 CVE - CLM Nexus-iq alternatives - MISP or github/Microsoft security scans (In Progress)
- TSC-58 Dublin Toolchain Improvement (Closed)
- TSC-29 Create a wiki page to collect Security SMEs to access CLM (Closed)
- TSC-50 oparent CLM status must be managed daily to not block downstream project CLM work - for 20+ days (Closed)