[openstack-dev] [Nova] Security vulnerability contacts
sriram at sriramhere.com
Mon Nov 18 19:27:28 UTC 2013
(ccing Bryan, Rob)
Thanks for the initiative. We at the OpenStack Security Group
large part of these tasks now and are looking for more help (particularly
around reviews from people that are intimate to the project internals).
Here are some pointers<https://wiki.openstack.org/wiki/Security/How_To_Contribute#How_To_Contribute_To_The_OpenStack_Security_Group_.28OSSG.29>on
how to get involved. You probably are inviting more volunteers for
I am just trying to make it clearer. If not, we need to work to make sure
the efforts are aligned and not duplicated.
On Mon, Nov 18, 2013 at 9:50 AM, Russell Bryant <rbryant at redhat.com> wrote:
> I'm on a quest to address Nova's project management growing pains and to
> make sure the Nova PTL is never an unnecessary bottleneck. One area
> that has been identified as needing a small team is handling Nova
> security vulnerability reports.
> We have the nova-coresec team on launchpad , which is currently all
> of nova-core. We need to re-work this to be a small subset of nova-core
> that is specifically interested in being the primary contacts for
> security issues. These people will be responsible for:
> 1) Helping determine if a report is legitimate
> 2) Pulling in the right expertise as necessary to analyze and/or fix a
> 3) Helping develop fixes for security issues
> 4) Helping to review security fixes (they must be reviewed in advance,
> before going to gerrit, because the patches are under embargo)
> I'm happy to be on this team, but I would like a few people with broad
> expertise to help out.
> For more information on the vulnerability management process, see .
> Who's in?
>  https://launchpad.net/~nova-coresec
>  https://wiki.openstack.org/wiki/Vulnerability_Management
> Russell Bryant
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev