<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body>
<br>
<br>
<div class="moz-cite-prefix">On 5/12/16 6:04 PM, Flavio Percoco
wrote:<br>
</div>
<blockquote cite="mid:20160512220408.GI32550@redhat.com" type="cite">On
12/05/16 17:38 -0400, Nikhil Komawar wrote:
<br>
<blockquote type="cite">Comments, alternate proposal inline.
<br>
<br>
<br>
<br>
On 5/12/16 8:35 AM, Jeremy Stanley wrote:
<br>
<blockquote type="cite">On 2016-05-11 23:39:58 -0400 (-0400),
Nikhil Komawar wrote:
<br>
<blockquote type="cite">I would like to propose adding add
Brian to the team.
<br>
</blockquote>
[...]
<br>
<br>
I'm thrilled to see Glance adding more security-minded
reviewers for
<br>
embargoed vulnerability reports! One thing to keep in mind
though is
<br>
that you need to keep the list of people with access to these
<br>
relatively small; I see
<br>
<a class="moz-txt-link-freetext" href="https://launchpad.net/~glance-coresec/+members">https://launchpad.net/~glance-coresec/+members</a> has five
members now.
<br>
</blockquote>
<br>
Thanks for raising this. Yes, we are worried about it too. But
as you
<br>
bring it up, it becomes even more important. A lot of Glancers
time
<br>
share with other projects and lack bandwidth to contribute fully
to this
<br>
responsibility. Currently, I do not know if anyone can be
rotated out as
<br>
we have had pretty good input from all the folks there.
<br>
<br>
<blockquote type="cite">While the size I picked in item #2 at
<br>
<a class="moz-txt-link-rfc1738" href="https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements"><URL:
https://governance.openstack.org/reference/tags/vulnerability_managed.html#requirements
></a>
<br>
is not meant to be a strict limit, you may still want to take
this
<br>
as an opportunity to rotate out some of your less-active
reviewers
<br>
(if there are any).
<br>
<br>
<br>
</blockquote>
<br>
Thanks for not being strict on it.
<br>
<br>
I do however, want to make another proposal:
<br>
<br>
<br>
Since Stuart is our VMT liaison and he's on hiatus, can we add
Brian as
<br>
his substitute. As soon as Stuart is back and is ready to
shoulder this
<br>
responsibility we should do the rotation.
<br>
<br>
Please vote +1, 0, -1.
<br>
<br>
I will consider final votes by Thur May 19 2100 UTC.
<br>
</blockquote>
<br>
<br>
Can we ask Stuart if he's ok with us removing him from the coresec
team? I think
<br>
he won't have time for it and it'd be irresponsible from us to
send VMT bugs to
<br>
him at this point.
<br>
<br>
</blockquote>
<br>
Confirmation enqueue. <br>
<br>
<blockquote cite="mid:20160512220408.GI32550@redhat.com" type="cite">Cheers,
<br>
Flavio
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Thanks,
Nikhil</pre>
</body>
</html>