[openstack-dev] Security bug in diskimage-builder
fungi at yuggoth.org
Mon May 29 19:02:59 UTC 2017

On 2017-05-29 15:43:43 +0200 (+0200), Emilien Macchi wrote:
> On Wed, May 24, 2017 at 7:45 PM, Ben Nemec <openstack at nemebean.com> wrote:
> > Emilien, I think we should create a tripleo-coresec group in
> > launchpad that can be used for this. We have had
> > tripleo-affecting security bugs in the past and I imagine we
> > will again. I'm happy to help out with that, although I will
> > admit my launchpad-fu is kind of weak so I don't know off the
> > top of my head how to do it.
> That or re-use an existing Launchpad group used by OpenStack VMT?

The OpenStack VMT doesn't triage bugs for deliverables aside from
those tagged with vulnerability:managed in governance. For those we
recommend private security bugs only be automatically shared with
the openstack-vuln-mgmt team in LP, and then we manually subscribe
something-coresec to the report once we're sure it was reported
against the correct project. For deliverables without VMT oversight,
it makes sense to have private security bugs automatically shared
with those something-coresec teams directly.