[openstack-dev] [Security] Picking a new tag

Dave Walker email at daviey.com
Thu Sep 22 22:03:31 UTC 2016


On 22 September 2016 at 19:52, Ian Cordasco <sigmavirus24 at gmail.com> wrote:

> During the OpenStack Security Project (OSSP) meeting today we
> discussed the fact that some MUAs don't filter the "[Security]" tag
> very well and this causes a bit of an overload for people trying to
> follow the internal workings of the OSSP. We were briefly side-tracked
> trying to come up with a different tag that would be less likely to
> cause false positives with filtering.
>
> This also seemed like a good opportunity to use the mailing list to
> come up with our new tag, since we've had such an atrocious time using
> it in the past.
>
> Some of the suggestions I recall from the meeting include:
>
> - OSSP
> - openstack-sec
>
> I think we'd want to keep "openstack" out of our tag name, so maybe
>
> - sec-project
> - security-project
>
> Thoughts?
>
>
Hi,

I'm not convinced it needs changing.  [security] is a pretty logical topic
tag, and rolls off the keyboard quite easily.

So the real issue is filtering on headers.  Most mail providers do provide
this, and certainly MUA.. however gmail does make it a bit harder.

Mailman wont see all arbitrary "[strings]", but the ones that are added
allows the user to subscript specifically to them.  [security] is one such
tag, which means that OSSP interested parties could subscribe
*specifically* to that tag (and probably [all] for good measure).

However, this does mean that these subscribers have little chance of seeing
any other mail.  What would be better would be to add labels (gmail
terminology) specifically to [security] threads.

Mailman does add an X- field such as:
"X-Topics: foo Security bar"

Sadly you cannot search using the Gmail interface for these fields.. but it
does provide a service to run scripts on mails on regular intervals, which
will allow the desired labelling.

I've written a sample script, and it works.  Go to https://script.google.com
and add the contents of
https://gist.github.com/Daviey/eb61c284b6d3bf6562763db2cb8a7351 .  Click
the clock symbol, and set an hourly interval.

This will mean that all [Security] tagged mails receive an OSSP gmail label.

HTH, let me know if it does.

--
Kind Regards,
Dave Walker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160922/32d47b78/attachment.html>


More information about the OpenStack-dev mailing list