Open Stack

> From: Russell Bryant <rbryant at redhat.com>
> We can involve people in security reviews without having them on the
> core review team.  They are separate concerns.

As I noted in my original mail, this was my primary concern. I just didn't want "not core" to stand in the way of "is appropriate to provide security review for private patches on Launchpad". If that is the case, I want to be sure that there is someone on core who has the appropriate domain-specific knowledge to make sure the patch is thorough and correct.

I'll leave the rest of the argument about why this is important for after I finish filing the tickets and fixes are released so we can publicly talk about it.

-Paul