[Openstack-docs] OpenStack Security Notes (OSSN)

Anne Gentle anne.gentle at rackspace.com
Thu Feb 13 22:25:33 UTC 2014 

On Thu, Feb 13, 2014 at 3:14 PM, Andreas Jaeger <aj at suse.com> wrote:

> On 02/13/2014 08:29 PM, Anne Gentle wrote:
> > Hi all,
> > I'd like to propose putting the OpenStack Security Notes (OSSN) in a
> > repository under the Documentation umbrella, using the git/gerrit
> > workflow to maintain and review those notes. Currently they're published
> > on the OpenStack wiki [1] and use a template on the wiki. [2]
> >
> > I think using a git/gerrit process and finding a way to publish these
> > with the OpenStack Security Guide [3] would be a great step. Wanted to
> > see what you all think as well -- appreciate any input or considerations
> > we should make.
>
> I'm fine with publishing them and using our review process for them.
>
> I'm just not sure whether the Security Guide is the right place or
> whether these should be published as a separate guide. We can start
> either way and change later ;)
>
> Is there some privacy involved in writing these before they get released?
>
>
Good question. I know the reporting process is purposely planned for
protection, see https://wiki.openstack.org/wiki/VulnerabilityManagement.

So I would guess that once something warrants a note, the secrecy/privacy
is done and the main goal is to communicate effectively.

Anne


> Andreas
>
> > Thanks,
> > Anne
> >
> > 1 https://wiki.openstack.org/wiki/Security_Notes
> > 2 https://wiki.openstack.org/wiki/Security/Security_Note_Process
> > 3 http://docs.openstack.org/sec/
> >
> >
> > _______________________________________________
> > Openstack-docs mailing list
> > Openstack-docs at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs
> >
>
>
> --
>  Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi
>   SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
>    GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)
>     GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126
>
> _______________________________________________
> Openstack-docs mailing list
> Openstack-docs at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-docs/attachments/20140213/1aa0bb60/attachment.html>

More information about the Openstack-docs mailing list