[openstack-dev] [Horizon] Nominations to Horizon Core
fungi at yuggoth.org
Thu Dec 12 01:05:08 UTC 2013
On 2013-12-11 18:28:14 +0100 (+0100), Monty Taylor wrote:
> On 12/11/2013 03:51 PM, Russell Bryant wrote:
> > On 12/10/2013 05:57 PM, Paul McMillan wrote:
> > [...]
> > > If you don't have anyone else who is a web security specialist
> > > on the core team, I'd like to stay. Since I'm also a member of
> > > the Django security team, I offer a significant chunk of
> > > knowledge about how the underlying security protections are
> > > intended work.
> > Security reviews aren't done on gerrit, though. They are
> > handled in launchpad bugs. It seems you could still contribute
> > in this way without being on the horizon-core team responsible
> > for reviewing normal changes in gerrit.
> > [...]
> And as a follow up - I betcha the vulnerability-management team
> would LOVE to have you!
In particular, there are plenty of open public vulnerabilities
throughout OpenStack in various states of being addressed which you
can pitch in on even with fairly limited levels of commitment.
Anything which needs an advisory, or which we think might need one
but are not yet sure, is listed at https://bugs.launchpad.net/ossa
(with privately-reported and still embargoed issues being the
exception). Whatever you see there which piques your interest,
whether it needs testing/confirmation, a patch or even just an
expert opinion on exploitability/risk would be a welcome
Any help we get dealing with already public vulnerabilities frees up
more of our time to focus on embargoed items while still keeping the
core group small (minimizing risk of premature disclosure). More
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 966 bytes
Desc: Digital signature
More information about the OpenStack-dev