142
edits
Changes
Jump to navigation
Jump to search
no edit summary
Since this issue affects everyone in the zommunity YOU should attend!
Weil dieses Issue alle an der Zombi-Community Beteiligten betrifft, solltest DU dich daran beteiligen!
=== Should projects be open by default?
- LOD: no, except for projects that are available to people outside of zombi, things should not be
- Paul: Projects should be designed in a way so they contain no sensible information and can be open sourced at any time. Once this is achieved, why not open them?
- Mart: We cannot achieve this at the moment, so we should be secure by default. Move fast and break things is the wrong approach.
- Mart: Can we split into Git/Wiki/Tickets?
=== Git
* Paul: Project owner should decide if the project is open to the public
* LOD: the project should be closed, as soon as it is security relevant. Multiple people should be looking over every change of the project, to ensure safety.
* Benny: How often are security critical services pushed into the git?
* LOD: all the time, since everything with passwords can be considered security critical. For example the assemblybot has hardcoded secrets.
* Mart: everything concerning [[Zombi:Creative Commons]] should not be public in any case. There should be a list of criteria, under which a project can get open source.
* Lod: we are not only people experimenting with technology, bug also people relying on these services to work. There have to be code reviews for everything that gets released.
==New Code of conduct==
