On 03/01/2016 05:12 PM, Ryan Hallisey wrote:
> Hello,
>
> I have experience writing selinux policy. My plan was to write the selinux
> policy for Kolla in the next cycle. I'd be interested in joining if that
> fits the criteria here.
>

Hello Ryan,

While knowing how to write SELinux policy is a great asset for a coresec team member, it's not a requirement. Such a team's purpose isn't to implement core security features, but rather to be responsive about private security bugs, to confirm the issue and discuss the scope of any vulnerability along with potential solutions.

> Thanks,
> -Ryan
>
> ----- Original Message -----
> From: "Steven Dake (stdake)" <std...@cisco.com>
> To: "OpenStack Development Mailing List (not for usage questions)"
> <openstack-dev@lists.openstack.org>
> Sent: Tuesday, March 1, 2016 11:55:55 AM
> Subject: [openstack-dev] [kolla][security] Obtaining the
> vulnerability:managed tag
>
> Core reviewers,
>
> Please review this document:
> https://github.com/openstack/governance/blob/master/reference/tags/vulnerability_managed.rst
>
>
> It describes how vulnerability management is handled at a high level for
> Kolla. When we are ready, I want the kolla delivery repos' vulnerabilities to
> be managed by the VMT team. By doing this, we standardize with other
> OpenStack processes for handling security vulnerabilities.
>

For reference, the full process is described here:
https://security.openstack.org/vmt-process.html

> The first step is to form a kolla-coresec team, and create a separate
> kolla-coresec tracker. I have already created the tracker for kolla-coresec
> and the kolla-coresec team in launchpad:
>
> https://launchpad.net/~kolla-coresec
>
> https://launchpad.net/kolla-coresec
>
> I have a history of security expertise, and the PTL needs to be on the team
> as an escalation point as described in the VMT tagging document above. I also
> need 2-3 more volunteers to join the team. You can read the requirements of
> the job duties in the vulnerability:managed tag.
>
> If you're interested in joining the VMT team, please respond on this thread. If
> there are more than 4 individuals interested in joining this team, I will
> form the team from the most active members based upon liberty + mitaka
> commits, reviews, and PDE spent.
>

Note that the VMT team is global to OpenStack; I guess you are referring to the Kolla VMT team (now known as kolla-coresec).

Regards,
-Tristan