An eduGAIN membership vote was carried out from 7th December - 30th December 2022. Members were asked to vote on the eduGAIN CSIRT Terms of Reference and the eduGAIN CSIRT RFC2350.
Results of the Vote
eduGAIN CSIRT ToR: 49 votes cast, 43 votes in the affirmative, 6 abstain
eduGAIN CSIRT RFC2350: 51 votes cast, 46 votes in the affirmative, 5 abstain
Notes and Errata
Comments from UK fed:
- Section 4.3 of RFC2350 uses the colour designation from TLP version 1. If we are to
support both versions of TMLP and follow Postel's Principle, eduGAIN-CSIRT would accept
information that comes in with designations from either version (TLP:RED, TLP:AMBER,
TLP:AMBER+STRICT, TLP:GREEN, TLP:WHITE, TLP:CLEAR) and send information out only with
designations from TLPv2.
- Section 3.3 of the Terms of Reference states "business hours (9x5 CET/CEST)" should be
made consistent with the information in RFC2350v1, which is "hours of operation are Monday
- Friday 09:00-17:00 (CET/CEST), except public holidays"
- Section 4.1 of the Terms of Reference states "the eduGAIN-CSIRT Security Officer, that
will be nominated by the GEANT project." Should it be the eduGAIN Executive Committee that
appoints?
Comments from ACOnet:
ot strictly related to the current vote but since I noticed it in
this context and I don't want it to be forgotten: Note that
https://wiki.geant.org/display/eduGAIN/eduGAIN+Security
contains different (and a lot more) information than
https://edugain.org/edugain-security/
and (making matters worse) neither contains link to the other, AFAICT.
Now, in the ToR document the TOC on page 2 of the PDF says
"5.6 Reporting Error! Bookmark not defined."
when I open this (using 2 different PDF viewers, xpdf/poppler and
mupdf).
Also what should be hyperlinks is only indicated by blue, underlined
text but none of the links are hyperlinks/clickable when they could
and therefore should be.
Comments from eduID.lu
Review naming consistency (dashes in CSIRT).