[openstack-dev] [Horizon] Nominations to Horizon Core

Lyle, David david.lyle at hp.com
Thu Dec 12 00:10:25 UTC 2013


> -----Original Message-----
> From: Monty Taylor [mailto:mordred at inaugust.com]
> Sent: Wednesday, December 11, 2013 10:28 AM
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] [Horizon] Nominations to Horizon Core
> 
> 
> 
> On 12/11/2013 03:51 PM, Russell Bryant wrote:
> > On 12/10/2013 05:57 PM, Paul McMillan wrote:
> >> +1 on Tatiana Mazur, she's been doing a bunch of good work lately.
> >>
> >> I'm fine with me being removed from core provided you have someone
> else qualified to address security issues as they come up. My contributions
> have lately been reviewing and responding to security issues, vetting fixes
> for those, and making sure they happen in a timely fashion. Fortunately, we
> haven't had too many of those lately. Other than that, I've been lurking and
> reviewing to make sure nothing egregious gets committed.
> >>
> >> If you don't have anyone else who is a web security specialist on the core
> team, I'd like to stay. Since I'm also a member of the Django security team, I
> offer a significant chunk of knowledge about how the underlying security
> protections are intended work.
> >
> > Security reviews aren't done on gerrit, though.  They are handled in
> > launchpad bugs.  It seems you could still contribute in this way without
> > being on the horizon-core team responsible for reviewing normal changes
> > in gerrit.
> >
> > The bigger point is that you don't have to be on whatever-core to
> > contribute productively to reviews.  I think every project has people
> > that make important review contributions, but aren't necessarily
> > reviewing regularly enough to be whatever-core.
> 
> And as a follow up - I betcha the vulnerability-management team would
> LOVE to have you!
> 

Your reviews are still valued and carry no less weight in or out of Horizon-core.  It really just boils down to engagement.

I agree with Monty, that vulnerability-management seems like a natural fit for the concerns you raise, plus it has a broader focus.

David




More information about the OpenStack-dev mailing list