> @leandron @Mousius thanks for taking a look! @denise-k updated the RFC to
> address and scope security. I agree this is important. I think this covers
> the bit you're mentioning about CI security; I think given the themes of the
> roadmap, TVM security should fall more into a "release-oriente
@Mousius One way to group the various security related tasks is like so:
- Infra work: adding e.g. vuln scanners to CI or elsewhere
- Security problems with CI infra: issues outside the TVM codebase, but which
are encountered only because we need to run a CI. Things related to e.g.
Jenkins versio
@areusch helped me understand the contention here, there's a release process
for managing things such as bugs, security vulnerabilities and other forms of
fixes in a release cycle and accounting for all of those things in this roadmap
is definitely out of scope :smile_cat:
My confusion was tha
