On Tue, Jan 17, 2017 at 6:26 AM, Julien Danjou <jul...@danjou.info> wrote: > Hi, > > I've asked on #openstack-security without success, so let me try here > insteead: > > We, Telemetry, have a security bug and we're not managed by VMT, any > hint as how to handle our bug? Or how to get covered by VMT? 😊
So, in terms of process I'd advise you read https://security.openstack.org/vmt-process.html because it describes how the VMT process works. I believe http://docs.openstack.org/project-team-guide/vulnerability-management.html described that you need to be "security-supported" which involves joining the list of projects with the "vulnerability:managed" tag (https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html). https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html#requirements describes the requirements to attain that tag. Cheers, -- Ian Cordasco __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
