[all][docs][security-sig] season of docs

Jeremy Stanley fungi at yuggoth.org
Wed Apr 10 11:17:39 UTC 2019


On 2019-04-10 11:45:39 +0100 (+0100), Stephen Finucane wrote:
[...]
> I guess the next steps are figuring out what projects need the
> most help and putting together a list of ideas that we can submit.
> I can only really speak for nova and oslo.
[...]

In the last Security SIG meeting we discussed (in the context of the
TC's "help wanted" list) how most of the help we need is
documentation related.

We need Security Analysis documents for a lot of projects, and
reviewers for many of the ones already proposed too:

https://docs.openstack.org/security-analysis/latest/
https://review.openstack.org/#/q/project:openstack/security-analysis+is:open
https://opendev.org/openstack/security-analysis/

The Security Guide doesn’t seem to have been updated since Pike, so
it’s a good 1.5 years behind. Having someone step through what's
there and confirm or refresh it for Stein would be awesome:

https://docs.openstack.org/security-guide/
https://opendev.org/openstack/security-doc/

The documentation we have on secure coding practices is fairly light
and could do with more content:

https://security.openstack.org/#secure-development-guidelines

We could also use help with writing security notes and triaging the
outstanding OSSN backlog:

https://wiki.openstack.org/wiki/Security_Notes
https://wiki.openstack.org/wiki/Security/Security_Note_Process
https://bugs.launchpad.net/ossn

Much of the above likely requires folks with at least some
information security background or interest, but it's a really great
place to improve the overall security posture of OpenStack across
the board.
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190410/0383ee32/attachment.sig>


More information about the openstack-discuss mailing list