I just wanted to close the loop here. I understand the position that others are taking and it appears that I'm outnumbered :-) While I disagree with this approach, it sounds like that's where we are at today. Even with this decision, I would encourage the horizon dev team to utilize Paul as a security resource.
Perhaps the best way to flag something as needing a security review in gerrit is to tag your PRs by writing "SecurityImpact" in the commit message. This will trigger a message to the openstack-security mailing list. Which should (hopefully!) result in some additional eyes on the code. Cheers, -bryan
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
