Russell, (ccing Bryan, Rob)
Thanks for the initiative.

We at the OpenStack Security Group <https://launchpad.net/~openstack-ossg> are doing a large part of these tasks now and are looking for more help (particularly around reviews from people that are intimate to the project internals). Here are some pointers <https://wiki.openstack.org/wiki/Security/How_To_Contribute#How_To_Contribute_To_The_OpenStack_Security_Group_.28OSSG.29> on how to get involved.

You probably are inviting more volunteers for OSSG, I am just trying to make it clearer. If not, we need to work to make sure the efforts are aligned and not duplicated.

Thanks,
-Sriram

On Mon, Nov 18, 2013 at 9:50 AM, Russell Bryant <rbry...@redhat.com> wrote:

> Greetings,
>
> I'm on a quest to address Nova's project management growing pains and to
> make sure the Nova PTL is never an unnecessary bottleneck. One area
> that has been identified as needing a small team is handling Nova
> security vulnerability reports.
>
> We have the nova-coresec team on launchpad [1], which is currently all
> of nova-core. We need to re-work this to be a small subset of nova-core
> that is specifically interested in being the primary contacts for
> security issues. These people will be responsible for:
>
> 1) Helping determine if a report is legitimate
>
> 2) Pulling in the right expertise as necessary to analyze and/or fix a
> problem
>
> 3) Helping develop fixes for security issues
>
> 4) Helping to review security fixes (they must be reviewed in advance,
> before going to gerrit, because the patches are under embargo)
>
> I'm happy to be on this team, but I would like a few people with broad
> expertise to help out.
>
> For more information on the vulnerability management process, see [2].
>
> Who's in?
>
> [1] https://launchpad.net/~nova-coresec
> [2] https://wiki.openstack.org/wiki/Vulnerability_Management
>
> --
> Russell Bryant
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

--
Thanks,
-Sriram