[openstack-dev] [ptl] [security][tc] Tidy up language in section 5 of the vulnerability:managed tag

Steven Dake (stdake) stdake at cisco.com
Sun Apr 17 05:54:56 UTC 2016

On 4/12/16, 10:42 AM, "Jeremy Stanley" <fungi at yuggoth.org> wrote:

>On 2016-04-02 14:40:57 +0000 (+0000), Steven Dake (stdake) wrote:
>> IANAL and writing these things correctly is hard to do properly );
>> involving the community around the pain points of the tagging
>> process is what I'm after.
>Nobody on the VMT is a lawyer either, and when I wrote the original
>text I wanted to make sure it provided sufficient guidance on our
>expectations while still being inclusive and without needing a
>lawyer to interpret. As it stands, the VMT and TC still make the
>final call on whether an application is sufficiently convincing, so
>the point of the application criteria are to make sure projects know
>what sort of convincing we're looking for.
>Jeremy Stanley

Agree - I recognize after trying my hand at writing just one part of the
complete VMT tag how difficult it is.  I think you did a great job on the
initial work.

It appears like we are both after the same outcome.  I think the changes
in my review to section 5 are a good start, but with the cross project
session I proposed on scaling the OSSA/VMT, my proposal may need to change
as a result of the outcome of that cross project session.



More information about the OpenStack-dev mailing list