[tc][election] campaign question: team approval criteria

Sylvain Bauza sbauza at redhat.com
Mon Feb 25 20:28:58 UTC 2019


On Mon, Feb 25, 2019 at 20:58, Jeremy Stanley <fungi at yuggoth.org> wrote:

> On 2019-02-20 19:36:28 +0100 (+0100), Sylvain Bauza wrote:
> [...]
> > The last item is interesting, because the OIP draft at the moment
> > shows more technical requirements than the Foundation ones. For
> > example, VMT is - at the moment I'm writing those lines - quoted
> > as a common best practice, which is something we don't ask for our
> > projects. That's actually good food for thought: security is
> > crucial and shouldn't be just a tag [3]. OpenStack is mature and
> > it's our responsibility to care about CVEs.
> [...]
>
> Leaving aside the assertion that "caring about CVEs" is the same
> thing as caring about security, it's worth mentioning that the
> centralized OpenStack VMT doesn't (and can't) easily scale. It
> publishes a set of guidelines, process documents and templates which
> any team can follow to achieve similar results, but the governance
> tag we have right now serves mostly to set the scope of the
> centralized VMT (and in turn expresses some fairly strict criteria
> for expanding that scope to indicate direct oversight of more
> deliverables).
>

Yup and I know that :-(
When I said the above, I was trying to say that all the projects should have
at least one liaison (at least the PTL) and a way to have some security
discussions if needed.


>
> I'm open to suggestions for how the OpenStack TC can better promote
> good security practices within teams. I have some thoughts as well,
> though it probably warrants a separate thread at a later date when I
> have more time to assemble words on the subject.
>

Yeah, agreed. Maybe at the next Forum, because I think we need to have a
discussion with the operators about this.

Sylvain

-- 
> Jeremy Stanley
>