[openstack-dev] [Horizon] Nominations to Horizon Core

ZG Niu niu.zglinux at gmail.com
Thu Dec 12 02:04:29 UTC 2013


+1


On Thu, Dec 12, 2013 at 9:14 AM, Bryan D. Payne <bdpayne at acm.org> wrote:

> Re: Removing Paul McMillan from core
>
> I would argue that it is critical that each project have 1-2 people on
> core that are security experts.  The VMT is an intentionally small team.
>  They are moving to having specifically appointed security sub-teams on
> each project (I believe this is what I heard at the last summit).  These
> teams would be a subset of the core devs that can handle security reviews.
>  The idea is that these people would then be able to +1 / -1 embargoed
> security patches.  So having someone like Paul on Horizon core would be
> very valuable for such things.
>
> In addition, I think that gerrit is exactly where security reviews
> *should* be happening.  Much better to catch things before they are merged,
> rather than as bugs after-the-fact.  Would we rather have a -1 on a code
> review than a CVE?
>
> My 2 cents,
> -bryan (from OSSG)
>


-- 
Best Regards,
NiuZG