[openstack-dev] [Nova] Security vulnerability contacts

Sriram Subramanian sriram at sriramhere.com
Mon Nov 18 19:27:28 UTC 2013


(ccing Bryan, Rob)

Thanks for the initiative. We at the OpenStack Security Group
<https://launchpad.net/~openstack-ossg>are doing
large part of these tasks now and are looking for more help (particularly
around reviews from people that are intimate to the project internals).
Here are some pointers<https://wiki.openstack.org/wiki/Security/How_To_Contribute#How_To_Contribute_To_The_OpenStack_Security_Group_.28OSSG.29>on
how to get involved. You probably are inviting more volunteers for
I am just trying to make it clearer. If not, we need to work to make sure
the efforts are aligned and not duplicated.


On Mon, Nov 18, 2013 at 9:50 AM, Russell Bryant <rbryant at redhat.com> wrote:

> Greetings,
> I'm on a quest to address Nova's project management growing pains and to
> make sure the Nova PTL is never an unnecessary bottleneck.  One area
> that has been identified as needing a small team is handling Nova
> security vulnerability reports.
> We have the nova-coresec team on launchpad [1], which is currently all
> of nova-core.  We need to re-work this to be a small subset of nova-core
> that is specifically interested in being the primary contacts for
> security issues.  These people will be responsible for:
> 1) Helping determine if a report is legitimate
> 2) Pulling in the right expertise as necessary to analyze and/or fix a
> problem
> 3) Helping develop fixes for security issues
> 4) Helping to review security fixes (they must be reviewed in advance,
> before going to gerrit, because the patches are under embargo)
> I'm happy to be on this team, but I would like a few people with broad
> expertise to help out.
> For more information on the vulnerability management process, see [2].
> Who's in?
> [1] https://launchpad.net/~nova-coresec
> [2] https://wiki.openstack.org/wiki/Vulnerability_Management
> --
> Russell Bryant
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20131118/bf398723/attachment.html>

More information about the OpenStack-dev mailing list