> From: Russell Bryant <rbry...@redhat.com> > We can involve people in security reviews without having them on the > core review team. They are separate concerns.
As I noted in my original mail, this was my primary concern. I just didn't want "not core" to stand in the way of "is appropriate to provide security review for private patches on Launchpad". If that is the case, I want to be sure that there is someone on core who has the appropriate domain-specific knowledge to make sure the patch is thorough and correct. I'll leave the rest of the argument about why this is important for after I finish filing the tickets and fixes are released so we can publicly talk about it. -Paul _______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
