On Sat, Nov 18, 2017 at 8:34 PM, Jeremy Stanley <[email protected]> wrote:
> On 2017-11-03 07:49:05 +0000 (+0000), Luke Hinds wrote: > [...] > > One thing came to mind on Jeremy's points around the VMT, is > > OSSN's > > > > We often get a workflow where Sec-Core are brought into a private > > LP bug to determine if its suitable for an OSSN, and it remains so > > until we release the OSSN. > > > > So the option here is transfer OSSN into the VMT, or we keep > > things as they are. > [...] > > The VMT has operated fairly independently of the Security Team even > while they were technically one project team from a governance > perspective. In my opinion moving OSSN publications to the VMT makes > little sense as those were always intended to be addenda/appendices > of the Security Guide, which would presumably remain the purview of > the new Security SIG. As you note the VMT already does a decent job > of pulling the security notes editors into discussions if we > determine an issue is out of scope for an advisory, and I don't see > that process would need to change. > -- > Jeremy Stanley > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > Let's keep it as it is then. We intend to keep the same access control / structure when we move to a SIG, so I cannot see the work flow we have changing (whereby you bring Sec-Core into the LP bug).
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
