Hi ttx, Very good points.
The gating factor is triage, and this is what we first have to build our, OpenStack's, Vulnerability Management solution around. If the needed resources are not yet available let's fully understand that. If distros and other OpenStack builders are not able to provide direct, accessible, 24/7 contact for coordinated disclosure in, say, the emergence of a zero day attack, then we can't do much more for them than hope they are not compromised before they can respond to the public disclosure. Prepare for the worst, hope for the best. I think we will soon be surprised by how much resources we, OpenStack, have available, and who you will be able to access at any time of day [1] if the issue warrants it -- code forbid! Just think it has takes these last many months (and for many, some more months) for the most recent cohorts to explore the code, play with the experience, and start to investigate solutions. 2012 is going to be a huge year for OpenStack! Aside, I don't like your amateur vs professional angle for a couple of reasons. For starters, my skimming through the archives, wiki, and code trees, it was clear before I started that you are anything but an amateur. Further, passion is one of the tools that the amateur, the maker, has to bring more fully to bear than the profession -- I <3 passion! It sounds like from your experiences you are all too familiar that until someone (you!) puts something in place, there is much dragging of feet, and once it is place everyone is a critic ;-) Thanks for your patience with me, and thoughtful explanations. Thanks for taking so much of your day today to engage me on this issue -- I can't wait to some day not-to-far-away meet you. After this long weekend I'll see if I can't bend some of your PPB ears, and see us iterate to the next solution. I trust you will continue to be a passionate participant! Cheers, Lloyd 1. The sun is always shining on an international project! _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
