Dear Sarah,
Thank you for your reaction.
I understand that security issues are a sensitive matter, but that also goes
for a company like ours, which services Archivematica for a lot of customers. I
also understand that dealing with these issues is not in scope (yet) for the
Product Support Program, but that was not what I meant to address with my
remark. Basically it’s a communication issue: I would like to get informed
directly, for example via this list, in case you have stumbled upon a security
issue and are going to announce this publicly. I mean: it would be odd for our
Archivematica customers to know about this before we do, right (fortunately I
monitor the Google Groups info on a regular basis, so that’s why I already knew
about this a few hours after the announcement over there)? And then of course
it’s up to each of us within the Product Support Program to take action or not
and fortunately we were able to get your help in dealing with this within our
Partner Support Program, for which we thank you.
Best wishes,
Kind regards,
Wim van Dongen
Project Manager
PICTURAE
J. Duikerweg 14
1703 DH Heerhugowaard
The Netherlands
t: +31 725 320 444
e: W.vanDongen@xxxxxxxxxxxx
w: www.picturae.com<https://www.picturae.com/>
LinkedIn<http://www.linkedin.com/company/1237997>
Twitter NL<https://twitter.com/#!/Picturae_NL>
Twitter INT<https://twitter.com/#!/Picturae_INT>
Facebook<http://www.facebook.com/pages/Picturae/358966670821808>
Vele Handen<https://velehanden.nl>
From: archivematica-psp-bounce@xxxxxxxxxxxxx
<archivematica-psp-bounce@xxxxxxxxxxxxx> On behalf of Sarah Romkey
Sent: Wednesday 20 May 2020 15:57
To: archivematica-psp@xxxxxxxxxxxxx
Subject: [archivematica-psp] Re: Minutes are up
Hello Wim,
Apologies for a delayed reply on this.
We definitely understand your point of view on this. However, security patches
and support are not in scope for the Product Support Program. The PSP terms
of reference do not mention security issues. We could discuss a change to the
terms of reference at a future meeting, with the other PSP members, to talk
about the role of security in the product roadmap, for example.
When it comes to matters of security, we need to keep the issue contained very
tightly until a fix is available to all (for full disclosure to other PSP
members, we have made the fix available now to Picturae as members of the
Enterprise Partner Program). It is not uncommon to purchase enterprise level
software packages which include automatic updates for security but to our
knowledge it's not common practice to have access to internal security details
ahead of other software users.
I hope this makes sense but happy to continue the discussion.
Cheers,
Sarah
Sarah Romkey, MAS, MLIS
Archivematica Program Manager
She/her
Artefactual Systems<http://artefactual.com>
604-527-2056
@archivematica<http://www.twitter.com/archivematica> /
@accesstomemory<http://www.twitter.com/accesstomemory>
On Fri, May 8, 2020 at 6:24 AM Wim van Dongen
<W.vanDongen@xxxxxxxxxxxx> wrote:
Hi Sara,
Thank you!
Btw – something completely different – it would be nice if we could get a heads
up, for example in this channel, in case issues like these are going to be
published: https://groups.google.com/forum/#!topic/archivematica/BPtdneooJPc.
Best wishes,
Kind regards,
Wim van Dongen
Project Manager
From: archivematica-psp-bounce@xxxxxxxxxxxxx
<archivematica-psp-bounce@xxxxxxxxxxxxx> On behalf of Sara Allain
Sent: Thursday 7 May 2020 01:55
To: archivematica-psp@xxxxxxxxxxxxx
Subject: [archivematica-psp] Minutes are up
Here they are! https://psp.archivematica.org/docs/minutes/20200422
-Sara
--
Sara Allain, MI (she/her)
Systems Archivist
Artefactual Systems, Inc.<https://www.artefactual.com/>