<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 5/12/16 6:19 PM, Nikhil Komawar
wrote:<br>
</div>
<blockquote
cite="mid:f1dd270b-8683-768a-e329-c453d1534013@gmail.com"
type="cite">
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 5/12/16 6:04 PM, Flavio Percoco
wrote:<br>
</div>
<blockquote cite="mid:20160512220408.GI32550@redhat.com"
type="cite">On 12/05/16 17:38 -0400, Nikhil Komawar wrote: <br>
<blockquote type="cite">Comments, alternate proposal inline. <br>
<br>
<br>
<br>
On 5/12/16 8:35 AM, Jeremy Stanley wrote: <br>
<blockquote type="cite">On 2016-05-11 23:39:58 -0400 (-0400),
Nikhil Komawar wrote: <br>
<blockquote type="cite">I would like to propose adding add
Brian to the team. <br>
</blockquote>
[...] <br>
<br>
I'm thrilled to see Glance adding more security-minded
reviewers for <br>
embargoed vulnerability reports! One thing to keep in mind
though is <br>
that you need to keep the list of people with access to
these <br>
relatively small; I see <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://launchpad.net/%7Eglance-coresec/+members">https://launchpad.net/~glance-coresec/+members</a>
has five members now. <br>
</blockquote>
<br>
Thanks for raising this. Yes, we are worried about it too. But
as you <br>
bring it up, it becomes even more important. A lot of Glancers
time <br>
share with other projects and lack bandwidth to contribute
fully to this <br>
responsibility. Currently, I do not know if anyone can be
rotated out as <br>
we have had pretty good input from all the folks there. <br>
<br>
<blockquote type="cite">While the size I picked in item #2 at
<br>
<a moz-do-not-send="true" class="moz-txt-link-rfc1738"
href="https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements"><URL:
https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements
></a> <br>
is not meant to be a strict limit, you may still want to
take this <br>
as an opportunity to rotate out some of your less-active
reviewers <br>
(if there are any). <br>
<br>
<br>
</blockquote>
<br>
Thanks for not being strict on it. <br>
<br>
I do however, want to make another proposal: <br>
<br>
<br>
Since Stuart is our VMT liaison and he's on hiatus, can we add
Brian as <br>
his substitute. As soon as Stuart is back and is ready to
shoulder this <br>
responsibility we should do the rotation. <br>
<br>
Please vote +1, 0, -1. <br>
<br>
I will consider final votes by Thur May 19 2100 UTC. <br>
</blockquote>
<br>
<br>
Can we ask Stuart if he's ok with us removing him from the
coresec team? I think <br>
he won't have time for it and it'd be irresponsible from us to
send VMT bugs to <br>
him at this point. <br>
<br>
</blockquote>
</blockquote>
<br>
I just realized we both meant the same thing, my description wasn't
too clear though on what I meant as rotation.<br>
<br>
<blockquote
cite="mid:f1dd270b-8683-768a-e329-c453d1534013@gmail.com"
type="cite">
<blockquote cite="mid:20160512220408.GI32550@redhat.com"
type="cite"> </blockquote>
<br>
Confirmation enqueue. <br>
<br>
<blockquote cite="mid:20160512220408.GI32550@redhat.com"
type="cite">Cheers, <br>
Flavio <br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Thanks,
Nikhil</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Thanks,
Nikhil</pre>
</body>
</html>