CI Security ROS benchmark

We’re definitely off-topic @kyrofa but I’ll remark that Canonical (you) is deciding what to support and what not. Alias Robotics volunteered to put the resources (our time :wink: ) to support these projects. To drive them and to continue bringing value to the community as reasoned at https://github.com/ros-security/community/issues/6#issuecomment-678430031. You’re just discarding efforts because it simply doesn’t align with your interests! With Ubuntu’s interests.

I think nobody expects you to get involved. In a group, there are different projects, led by different sub-groups (look at how it’s happening elsewhere). It’d certainly be great to get more and more people interested in looking for security flaws in ROS code, and beyond running a static analyzer and filing PRs ( :wink: ), reasoning about PoCs, prioritizing tickets based on severity and/or eventually (I hope), accelerating the mitigation of the many security flaws existing in ROS.

After so many years contributing to ROS, I’m surprised to see how groups like the Security WG (which by the way, Alias has been pushing since before you even joined) are being lobbied by a single company this way. There has never been an open discussion about our contributions to the group and proposals. And frankly, you’re coming up with rules on-the-go.

Worse, the WG is now halving its activity, decreasing more and more! But you (yourself) get to decide what’s worth maintaining and what’s not? Come on!

Wanna make things right? Start accepting contributions, bring things up to proper group discussions and encourage contributions in other directions, not just in the one that you’re lobbying for.
