On 12/11/2013 03:51 PM, Russell Bryant wrote: > On 12/10/2013 05:57 PM, Paul McMillan wrote: >> +1 on Tatiana Mazur, she's been doing a bunch of good work lately. >> >> I'm fine with me being removed from core provided you have someone else >> qualified to address security issues as they come up. My contributions have >> lately been reviewing and responding to security issues, vetting fixes for >> those, and making sure they happen in a timely fashion. Fortunately, we >> haven't had too many of those lately. Other than that, I've been lurking and >> reviewing to make sure nothing egregious gets committed. >> >> If you don't have anyone else who is a web security specialist on the core >> team, I'd like to stay. Since I'm also a member of the Django security team, >> I offer a significant chunk of knowledge about how the underlying security >> protections are intended work. > > Security reviews aren't done on gerrit, though. They are handled in > launchpad bugs. It seems you could still contribute in this way without > being on the horizon-core team responsible for reviewing normal changes > in gerrit. > > The bigger point is that you don't have to be on whatever-core to > contribute productively to reviews. I think every project has people > that make important review contributions, but aren't necessarily > reviewing regularly enough to be whatever-core.
And as a follow up - I betcha the vulnerability-management team would LOVE to have you! _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
