Open Stack

On 12/10/2013 05:57 PM, Paul McMillan wrote:
> +1 on Tatiana Mazur, she's been doing a bunch of good work lately.
> 
> I'm fine with me being removed from core provided you have someone else qualified to address security issues as they come up. My contributions have lately been reviewing and responding to security issues, vetting fixes for those, and making sure they happen in a timely fashion. Fortunately, we haven't had too many of those lately. Other than that, I've been lurking and reviewing to make sure nothing egregious gets committed.
> 
> If you don't have anyone else who is a web security specialist on the core team, I'd like to stay. Since I'm also a member of the Django security team, I offer a significant chunk of knowledge about how the underlying security protections are intended work.

Security reviews aren't done on gerrit, though.  They are handled in
launchpad bugs.  It seems you could still contribute in this way without
being on the horizon-core team responsible for reviewing normal changes
in gerrit.

The bigger point is that you don't have to be on whatever-core to
contribute productively to reviews.  I think every project has people
that make important review contributions, but aren't necessarily
reviewing regularly enough to be whatever-core.

-- 
Russell Bryant