From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id C787FB3D
	for ; Fri, 10 Jul 2015 14:38:35 +0000 (UTC)
Received: from pmta2.delivery3.ore.mailhop.org (pmta2.delivery3.ore.mailhop.org [54.213.22.21])
	by smtp1.linuxfoundation.org (Postfix) with SMTP id 343C5ED
	for ; Fri, 10 Jul 2015 14:38:35 +0000 (UTC)
Date: Fri, 10 Jul 2015 14:38:32 +0000
From: Jason Cooper
To: ksummit-discuss@lists.linuxfoundation.org
Message-ID: <20150710143832.GU23515@io.lakedaemon.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [Ksummit-discuss] [CORE TOPIC] dev/maintainer workflow security

All,

This is a topic of interest to me that I think would best benefit from a
conference room discussion.

Items to discuss:

 - Survey the room on workflows and security posture for kernel work
 - Discussion of threat models, attack vectors
 - Discuss mitigation methods, tools and techniques
 - Identify missing tools or features of tools

The intent is to discuss end point security with regards to protecting
the kernel source tree. This would *not* be about changing anyone's
workflow or DE or $editor or other religious items. ;-)

It would be more about increasing awareness. Both of attack vectors and
tools to mitigate risk which would fit into current workflows.

In order to encourage open and honest discussion ("I can only afford one
box. My kid does unrestricted web browsing on it every day when I'm at
work"-type stuff) we could consider doing Chatham House Rule [0] for this
discussion.

thx,

Jason.

[0] https://en.wikipedia.org/wiki/Chatham_House_Rule