[openstack-dev] [Security] Would people see a value in the cve-check-tool? (Reshetova, Elena)

Clark Boylan cboylan at sapwetik.org
Wed Aug 5 15:28:27 UTC 2015


On Wed, Aug 5, 2015, at 08:22 AM, Jeremy Stanley wrote:
> On 2015-08-05 15:04:15 +0000 (+0000), Ian Cordasco wrote:
> > One point of clarification. Not every project has to opt into
> > global-requirements so this isn't necessarily true. Also with the
> > merging of the stackforge and openstack namespaces, it'll be
> > harder to distinguish when a project is or isn't using g-r since
> > in the past it was fairly safe to assume that stackforge/ projects
> > were more likely to not use g-r.
> 
> Agreed, this used to be a (perhaps not well-documented) necessity
> for repos which were in or dependencies of the integrated release.
> Now that we've dissolved more of those arbitrary distinctions, this
> seems like a great opportunity for tracking with a governance tag.
> I'll go ahead and propose one later today if I get a spare moment.
>
We already track it in the requirements repo itself [0]. Not sure if we
need an additional tracking method.

[0]
https://git.openstack.org/cgit/openstack/requirements/tree/projects.txt

Clark



More information about the OpenStack-dev mailing list