This document describes the responsibilities, organizational structure, operation mode, and related processes of the Security Committee.
The openEuler Security Committee (SC) receives and responds to openEuler security issues, provides community security guidance, and carries out security governance. It is built to enhance the security of openEuler products and development environment.
- Assist in fixing vulnerabilities: Ensure that known vulnerabilities are fixed in a timely manner. Provide patches for software package maintainers to help users fix vulnerabilities before virus attack. The patches include vulnerability detection and fixing tools.
- Respond to security issues: Respond to reported security issues, track the handling progress, and disclose the reported issues in the community based on the security issue disclosure policy.
- Popularize secure coding rules: Strive to create documentation or development tools to help the developers avoid common pitfalls in the software development process. We will also answer questions encountered during development and use.
- Participate in code review: Help discover vulnerabilities in code in advance through code review.
The SC is responsible for classifying and handling openEuler security issues. The current members of the SC are as follows:
- zhujianwei7@huawei.com [@zhujianwei001]
- cuilei@kylinos.cn [@kylincuilei]
- tanjingguo@huawei.com [@tanjingguo]
- chenxi.mao@suse.com [@chenxi-mao]
- mawei@uniontech.com [@movie0125]
- luoyukai@huawei.com [@luoyukai]
- liujingang09@huawei.com [@liujingang09]
- tangjie@kylinsec.com.cn [@tangjie] (Alternate member)
- yanghanbo2@huawei.com [@tony-hanbo](Alternate member)
- uromise@gmail.com [@iromise](Alternate member)
- @yangli69393 resigned in July 2021, and @kylincuilei took over the work.
- @angela7 resigned in January 2022, and @weidongkl took over the work.
- @jinjin resigned in March 2022, and @tanjingguo took over the work.
- @liujingang09 resigned in September 2022.
- @weidongkl resigned in March 2023, and @movie0125 took over the work.
- @yanxiaobing2020 resigned in June 2023, and @luoyukai took over the work.
- @gwei3 resigned in September 2023.
- 4:00-5:30 (GMT+8) every other Wednesday through WeLink Meeting
We are responsible for product security release. Please use the correct contact information to obtain timely response.
| List/Group | Type | Function |
|---|---|---|
| openeuler-security@openeuler.org | Private | openEuler security disclosure mailbox. This list is closely monitored and categorized by the PSC. For details, see Security Disclosure Guide. |
| release-managers-private@openeuler.org | Private | This is a private communication email especially for release managers. For other users, please subscribe to openeuler-security@openeuler.org. To discuss security issues during the release, release managers must use this private email. |
| security-discuss-private@openeuler.org | Private | Private internal discussion email of the SC. For other users, please subscribe to openeuler-security@openeuler.org. |
For details about how to report security issues and obtain security patches, see Security Disclosure Guide.
For details about the security handling process and security policies of the openEuler community, see Security Handling Process.
Visit https://openEuler.org/en to learn how to interact with the openEuler community.
It is subject to the constraints of openEuler Code of Conduct.