[openstack-dev] Fwd: [security] [salt] Removal of Security and OpenStackSalt project teams from the Big Tent

Luke Hinds lhinds at redhat.com
Wed Sep 21 13:03:35 UTC 2016


Hi,

So I am recent elected core to the security group, so while obviously
pro OSSG-Sec, I also have a fairly fresh perspective of the group.

I would first off all not agree on disengagement with the community.
Well at least not from my perspective.

Since I joined I have found the group welcoming to new members, with
well run with meetings never starting late or failing to achieve
actions from before. While I may be a new core, I am not new to open
source, so there is no way I would have joined if I felt the group was
waning in enthusiasm, disconnected or not moving forward.

The team are actively working on several projects which have found
vulnerabilities in openstack, namely Bandit and syntribos, threat
analysis and I was inspired to start on my own new proposal project
from seeing the enthusiasm in the group. There is also lots of
engagement between other cores and the security group in OSSN's
(security notes). I recently took over covering these, and have
enjoyed working immensely with cores in keystone, trove, nova,
neutron, and horizon etc. I did not see any disconnect there myself.

On the matter of elections, I understand people are upset that the PTL
nomination period was missed, but I understand there was a genuine
reason for this which I will leave for the PTL to cover. For me Robert
did a really great job of welcoming and mentoring me into the security
group, so I personally have nothing but respect there.

So if the decision is made to demote(?) the group, I guess so be it,
but it will be a big downer and disappointment for me as someone that
is proud and enthusiastic to be a new OSSG-core sec member.

Regards,

Luke


------------------------------------------------------------
From: Thierry Carrez <thierry at openstack.org>
Date: Wed, Sep 21, 2016 at 12:23 PM
Subject: [openstack-dev] [security] [salt] Removal of Security and
OpenStackSalt project teams from the Big Tent
To: OpenStack Development Mailing List <openstack-dev at lists.openstack.org>


Hi everyone,

As announced previously[1][2], there were no PTL candidates within the
election deadline for a number of official OpenStack project teams:
Astara, UX, OpenStackSalt and Security.

In the Astara case, the current team working on it would like to abandon
the project (and let it be available for any new team who wishes to take
it away). A change should be proposed really soon now to go in that
direction.

In the UX case, the current PTL (Piet Kruithof) very quickly reacted,
explained his error and asked to be considered for the position for
Ocata. The TC will officialize his nomination at the next meeting,
together with the newly elected PTLs.

That leaves us with OpenStackSalt and Security, where nobody reacted to
the announcement that we are missing PTL candidates. That points to a
real disconnect between those teams and the rest of the community. Even
if you didn't have the election schedule in mind, it was pretty hard to
miss all the PTL nominations in the email last week.

The majority of TC members present at the meeting yesterday suggested
that those project teams should be removed from the Big Tent, with their
design summit space allocation slightly reduced to match that (and make
room for other not-yet-official teams).

In the case of OpenStackSalt, it's a relatively new addition, and if
they get their act together they could probably be re-proposed in the
future. In the case of Security, it points to a more significant
disconnect (since it's not the first time the PTL misses the nomination
call). We definitely still need to care about Security (and we also need
a home for the Vulnerability Management team), but I think the "Security
team" acts more like a workgroup than as an official project team, as
evidenced by the fact that nobody in that team reacted to the lack of
PTL nomination, or the announcement that the team missed the bus.

The suggested way forward there would be to remove the "Security project
team", have the Vulnerability Management Team file to be its own
official project team (in the same vein as the stable maintenance team),
and have Security be just a workgroup rather than a project team.

Thoughts, comments ?

[1]
http://lists.openstack.org/pipermail/openstack-dev/2016-September/103904.html
[2]
http://lists.openstack.org/pipermail/openstack-dev/2016-September/103939.html

--
Thierry Carrez (ttx)

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Luke Hinds | NFV Partner Engineering | Office of Technology | Red Hat
e: lhinds at redhat.com | irc: lhinds @freenode | m: +44 77 45 63 98 84 |
t: +44 12 52 36 2483



More information about the OpenStack-dev mailing list