Monthly General Meeting, August 2025
Propositions and Motions
Adopting a security policy
This was a late addition to the agenda that was approved during the meeting.
We currently do not have a defined process for reporting security bugs to us. A draft of a proposed security policy was made available for the meeting. There was additionally a proposal to update our policy document to link to the new security policy document.
The meeting voted unanimously in favour of amending our policy to link to the security policy document, but did not consense on adopting the draft as-is. It was agreed that consensus for adopting a security policy could be sought on an internal mailing list. A potential “hall of fame” for actionable security reports was discussed, but faced concerns about adding an incentive to send false reports in hopes of getting undue recognition. The meeting also agreed that Libera Chat should take an explicit stance against AI-hallucinated security reports.
A few other logistical concerns were discussed during the meeting as well. Specifically, it was agreed that an email for reporting security bugs should be routed to the operations team and the board. It was also agreed that it would be desirable to have a public PGP key for encrypting inbound emails, though this is complicated by needing to set up a shared key store for it that staffers outside of the operations team can use.
Other Questions
There was one other item on the agenda concerning a potential future staff meetup. The meeting agreed that, for staff privacy reasons, it should be redacted from the public minutes.