foundation
  • theopolis

    theopolis

    08/07/2019, 6:55 PM
    Next up is the PyPI osquery project. @seph, @zwass, @alessandrogario, if you have accounts on PyPI I am happy to add you
  • theopolis

    theopolis

    08/22/2019, 12:55 AM
    hey, this seems pretty straightforward (the change updates the charter to reflect reality) but we need a majority vote: https://github.com/osquery/foundation/pull/8 if you have some time, please take a look
  • Jacob Palmer (LF)

    Jacob Palmer (LF)

    08/30/2019, 4:20 PM
    @mike We're tracking the issue you reported here: https://github.com/communitybridge/easycla/issues/133
  • Mike Myers

    Mike Myers

    09/03/2019, 10:17 PM
    At the end of office hours today I mentioned wanting more of the issues and PRs to be labeled (@seph made a note in the notes about it), but it looks like only members with write access to the repository can label issues.
  • theopolis

    theopolis

    09/06/2019, 6:34 PM
    also, I did not like the way the build badges looked on the Readme so I removed them: https://github.com/osquery/osquery/blob/427914bde0a0b228bdfd16c15eeaa86d379d5334/README.md thoughts?
  • Mike Myers

    Mike Myers

    09/11/2019, 5:38 PM
  • s

    seph

    10/15/2019, 9:17 PM
    The Linux Foundation has said they don't have an ADC account. It's on us to run that riddle trail. And either pay, or get the tax id for LF (@zwass)
  • s

    seph

    01/15/2020, 3:48 PM
  • s

    seph

    04/08/2020, 7:42 PM
    I now have PDFs for the official founding docs. I’ve uploaded them into 1password
  • s

    seph

    04/09/2020, 6:33 PM
    We have a D&B Number! In 5 days, I can submit it to Apple. But this is great
  • Jams

    Jams

    04/14/2020, 4:25 PM
  • theopolis

    theopolis

    04/20/2020, 6:02 PM
    Ok new piece of 'moving parts' we need to address within 8 days. The DigiCert TLS cert for *.osquery.io needs to be renewed. We should move over to LetsEncrypt and we'll need to use the cert within AWS CloudFront. Also I think we can move off of CloudFront and onto a free (if available) load balancer that allows us to TLS terminate. We front the homepage and pkg. IIRC.
  • theopolis

    theopolis

    04/21/2020, 10:32 PM
    We’ll need to manage the cert ourselves I think due to the usage of pkg.
  • theopolis

    theopolis

    04/30/2020, 4:26 PM
    Hi folks, I'd like to propose a change in process for osquery's security policy. I think we have all the tools to handle reports, issue CVEs, fix and release without needing FB's CNA capabilities or FB Whitehat involvement. What I propose is we change the SECURITY.md to be more concrete about how to report, either mention in #core or DM one of the TSC on Slack (with a link to the list of usernames). We also include a few sentences about how we proceed with fixing and applying for a CVE if needed through GitHub's security advisory feature. The motivation behind this is to provide us more efficacy over handling the end-to-end and helping reduce the scope of the FB Whitehat. FB's program focuses on security impact to FB projects and configuration. This means best-practice hardening recommendations for osquery, which do not impact FB, can result in a bad experience for researchers. In these instances if FB were to choose to issue a reward we would hold ourselves to an SLA that is difficult to keep, what I mean by this is FB would have to coordinate with the group here to land a fix. I know I bridge this gap and could commit to maintaining the SLA. Please understand that while I'd absolutely love to do this I cannot commit to this right now. By removing osquery from FB Whitehat we remove the ambiguity of whether a best-practice recommendation has security impact to FB and we remove any false expectations around SLA commitment. Those are upsides, the downside is researchers cannot earn bounty for their hard and meaningful work. I do not have an alternative for providing bounty features for osquery security reports but perhaps in the future we can explore HackerOne/etc if we have finances to support this.
  • s

    seph

    05/19/2020, 6:18 PM
    We now have an Apple developer account. Non-profit. I have not yet dealt with any codesigning things. But phew: this is great.
  • s

    seph

    06/04/2020, 2:08 AM
    I just learned that both Cisco and Jumpcloud have products that are based around osquery. Which is both validating, and makes me wonder if we should be better at outreach
  • s

    seph

    06/19/2020, 7:29 PM
    I’ve started looking into what it would take to transfer osquery-go from Kolide to the foundation. Please speak up if you think this is a bad idea… (Else I assume everyone thinks it’s great)
  • Guillaume

    Guillaume

    06/23/2020, 6:16 PM
    @seph no idea if this can be adjusted on the project end, but minimum donation for "an organization" is 500$ right now. I would put this donation under my personal company name since that is where it makes the most sense (logically and tax wise) - but it means I can't donate 300$ as easily. If you can't change it I will just do it under my name and then "expense" it to myself, no big deal, but I figure there might be others in a similar situation
  • s

    seph

    06/23/2020, 6:26 PM
    @zwass I am.
  • s

    seph

    07/09/2020, 6:21 PM
    Spoke to someone at the LF about transferring osquery-go into the osquery foundation. Will put notes in an issue. It should be straightforward, but there is a wrinkle
  • theopolis

    theopolis

    08/29/2020, 3:57 AM
    I need to get some sleep, if someone is still awake in 30mins, do you mind merging https://github.com/osquery/osquery/pull/6617 to fix the README display
  • i

    Ivanlei

    12/10/2020, 7:10 PM
    Not sure where this goes, but a fun update from us over here at Apple. Our company has just approved our full participation for high volume code contributions to osquery. We're excited to really join the community. 🙂
  • a

    alessandrogario

    01/22/2021, 3:55 PM
    we can have a "brought to you by teddy" with his picture at the top
  • Mike Myers

    Mike Myers

    04/05/2021, 5:20 PM
    https://github.com/sponsors has anyone considered putting up a sponsor-us badge on the project?
  • theopolis

    theopolis

    08/21/2021, 11:25 PM
    I’d like to invite Sharvil to the osquery-committers group on GitHub, giving him access to approve and merge PRs on osquery/osquery. He’s been contributing for several years, has a good track record of changes and reviews, and is currently part of the committers for our code signing workflows. So this change only slightly increases the trust we confide in him. 😃 Our process for previous additions to contributors lists has been 3 TSC members giving a vote of approval. We had that in core just now, but I wanted to raise here for visibility and consistency.
  • zwass

    zwass

    12/28/2021, 8:09 PM
    Hey folks, some end of the year thoughts on osquery governance: As per the charter section 2.f., the TSC may elect a TSC Chair. I propose we elect @seph to this position as he has essentially been performing the roles "preside over meetings of the TSC" and "serve as the primary communication contact [with Linux Foundation]". Can we consider adding new members to the TSC? @Stefano Bonicatti and @sharvil have both been deeply involved in the osquery efforts over the last years. Should we consider removing inactive members from the TSC? Any of the above can be approved by a majority vote of the TSC.
  • zwass

    zwass

    04/05/2022, 7:55 PM
    Update 🎉 @seph has been elected as TSC Chair (https://github.com/osquery/foundation/issues/81) @sharvil has been elected as TSC Member (https://github.com/osquery/foundation/issues/82)
  • s

    seph

    05/04/2022, 1:31 PM
    Renewed our Apple developer account. Fee is still waived.
  • Mike Myers

    Mike Myers

    05/14/2022, 12:25 AM
    I'm told https://cirrus-ci.org/ offers free M1 CI for open source, if that would be useful for osquery
  • s

    seph

    06/07/2022, 1:31 AM