[openstack-dev] [Nova] Security vulnerability contacts

Russell Bryant rbryant at redhat.com
Mon Nov 18 17:50:48 UTC 2013


I'm on a quest to address Nova's project management growing pains and to
make sure the Nova PTL is never an unnecessary bottleneck.  One area
that has been identified as needing a small team is handling Nova
security vulnerability reports.

We have the nova-coresec team on Launchpad [1], which is currently all
of nova-core.  We need to re-work this to be a small subset of nova-core
that is specifically interested in being the primary contacts for
security issues.  These people will be responsible for:

1) Helping determine if a report is legitimate

2) Pulling in the right expertise as necessary to analyze and/or fix a

3) Helping develop fixes for security issues

4) Helping to review security fixes (they must be reviewed in advance,
before going to gerrit, because the patches are under embargo)

I'm happy to be on this team, but I would like a few people with broad
expertise to help out.

For more information on the vulnerability management process, see [2].

Who's in?

[1] https://launchpad.net/~nova-coresec
[2] https://wiki.openstack.org/wiki/Vulnerability_Management

Russell Bryant
