Request: Asset audit report #249
Comments
@jasnell Are you volunteering to lead this? Not trolling, honest question. If not, then step 1 is probably find someone willing to own it and push it forward. Barring that, figure an appropriate WG or other body to delegate it to? If you are up for at least organizing it and keeping it on track (both distinct from doing the actual work), then awesome! This would be a great thing to have.
Yes, I'm volunteering to lead the effort. Obviously, however, I would need participation from the various WGs to pull everything together.
@nodejs/build maintains a private spreadsheet of its assets, including incoming small donation payments and purchases using those monies. We can extract just the asset list from that pretty easily if you have a place in mind for it to live?
@rvagg ... a shared google doc that is accessible only to current TSC members and anyone from the build WG that would be helping to compile the list would work and would be a great place to start.
@jasnell I can't really see any link anywhere in my inbox. Was I added?
I have not yet created the shared doc :-)
@jasnell I've shared the Build spreadsheet with you, perhaps it's an appropriate starting point for this stuff. My only concern is that it contains some details about donations that some folks have made they didn't do publicly and I want to respect their confidentiality. We can talk 1:1 about the details of this doc if you want more context.
@jasnell oh gosh, for some reason I thought that you mentioned it. Sorry!
@rvagg ... Thank you. It's a great starting point. re: confidentiality, the audit report itself will be limited strictly to voting TSC members. If there are specific details that should not even be shared at that level, then we should identify those. I'm not planning for the report to include actual $ figures. It's really just making sure we have a handle on what assets we actually have available and who is responsible for those.
Please list them in a Google spreadsheet and share those with me.
On Tue, Apr 25, 2017 at 2:32 PM Michael Dawson ***@***.***> wrote:
@jasnell <https://github.com/jasnell> @rvagg <https://github.com/rvagg> in terms of the softlayer assets should I send that info to you?
@nodejs/build @nodejs/tsc @nodejs/ctc @nodejs/benchmarking @nodejs/jenkins-admins
One thing that we seem to be missing overall is a clear listing of all hardware/software assets (owned or donated) that core and related projects currently depend on. This is something that the TSC and CTC really should have better visibility into given the potential risks should any resources no longer be available for whatever reason.
I would like to request that an audit report be put together to help catalog the various assets, along with information about who has access to those, who the primary points of contact are, where the secrets live with regard to access, who has access to those secrets, where those are located, whether they are physical or virtual assets, and where they are used. The report should also include service and hosting providers that we are relying on (paid or donated).
Obviously, this report could contain some sensitive information so distribution of the audit report would be limited to CTC and TSC members (and any delegates necessary to help pull the information together). If it would be helpful to pull the report together, I can ask one of our nearForm interns to help.