On 3/1/16, 10:47 AM, "Tristan Cacqueray" <tdeca...@redhat.com> wrote:
>On 03/01/2016 05:12 PM, Ryan Hallisey wrote:
>> Hello,
>>
>> I have experience writing selinux policy. My plan was to write the
>> selinux policy for Kolla in the next cycle. I'd be interested in
>> joining if that fits the criteria here.
>>
>
>Hello Ryan,
>
>While knowing how to write SELinux policy is a great asset for a coresec
>team member, it's not a requirement. Such a team's purpose isn't to
>implement core security features, but rather to be responsive about private
>security bugs, to confirm the issue and discuss the scope of any
>vulnerability along with potential solutions.
>
>> Thanks,
>> -Ryan
>>
>> ----- Original Message -----
>> From: "Steven Dake (stdake)" <std...@cisco.com>
>> To: "OpenStack Development Mailing List (not for usage questions)"
>> <openstack-dev@lists.openstack.org>
>> Sent: Tuesday, March 1, 2016 11:55:55 AM
>> Subject: [openstack-dev] [kolla][security] Obtaining
>> the vulnerability:managed tag
>>
>> Core reviewers,
>>
>> Please review this document:
>>
>> https://github.com/openstack/governance/blob/master/reference/tags/vulnerability_managed.rst
>>
>> It describes how vulnerability management is handled at a high level
>> for Kolla. When we are ready, I want the kolla delivery repos'
>> vulnerabilities to be managed by the VMT team. By doing this, we
>> standardize with other OpenStack processes for handling security
>> vulnerabilities.
>>
>For reference, the full process is described here:
>https://security.openstack.org/vmt-process.html
>
>> The first step is to form a kolla-coresec team, and create a separate
>> kolla-coresec tracker. I have already created the tracker for
>> kolla-coresec and the kolla-coresec team in launchpad:
>>
>> https://launchpad.net/~kolla-coresec
>>
>> https://launchpad.net/kolla-coresec
>>
>> I have a history of security expertise, and the PTL needs to be on the
>> team as an escalation point as described in the VMT tagging document
>> above. I also need 2-3 more volunteers to join the team. You can read
>> the requirements of the job duties in the vulnerability:managed tag.
>>
>> If you're interested in joining the VMT team, please respond on this
>> thread. If there are more than 4 individuals interested in joining this
>> team, I will form the team from the most active members based upon
>> liberty + mitaka commits, reviews, and PDE spent.
>>
>Note that the VMT team is global to openstack, I guess you are referring
>to the Kolla VMT team (now known as kolla-coresec).

Yes, that is correct. Thanks Tristan for clarifying.

>
>
>Regards,
>-Tristan