<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Feb 13, 2014 at 3:14 PM, Andreas Jaeger <span dir="ltr"><<a href="mailto:aj@suse.com" target="_blank">aj@suse.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class="">On 02/13/2014 08:29 PM, Anne Gentle wrote:<br>
> Hi all,<br>
> I'd like to propose putting the OpenStack Security Notes (OSSN) in a<br>
> repository under the Documentation umbrella, using the git/gerrit<br>
> workflow to maintain and review those notes. Currently they're published<br>
> on the OpenStack wiki [1] and use a template on the wiki. [2]<br>
><br>
> I think using a git/gerrit process and finding a way to publish these<br>
> with the OpenStack Security Guide [3] would be a great step. Wanted to<br>
> see what you all think as well -- appreciate any input or considerations<br>
> we should make.<br>
<br>
</div>I'm fine with publishing them and using our review process for them.<br>
<br>
I'm just not sure whether the Security Guide is the right place or<br>
whether these should be published as a separate guide. We can start<br>
either way and change later ;)<br>
<br>
Is there some privacy involved in writing these before they get released?<br>
<br></blockquote><div><br></div><div>Good question. I know the reporting process is purposely planned for protection, see <a href="https://wiki.openstack.org/wiki/VulnerabilityManagement">https://wiki.openstack.org/wiki/VulnerabilityManagement</a>. </div>
<div><br></div><div>So I would guess that once something warrants a note, the secrecy/privacy is done and the main goal is to communicate effectively. </div><div><br></div><div>Anne</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
Andreas<br>
<div class=""><br>
> Thanks,<br>
> Anne<br>
><br>
> 1 <a href="https://wiki.openstack.org/wiki/Security_Notes" target="_blank">https://wiki.openstack.org/wiki/Security_Notes</a><br>
> 2 <a href="https://wiki.openstack.org/wiki/Security/Security_Note_Process" target="_blank">https://wiki.openstack.org/wiki/Security/Security_Note_Process</a><br>
> 3 <a href="http://docs.openstack.org/sec/" target="_blank">http://docs.openstack.org/sec/</a><br>
><br>
><br>
</div>> _______________________________________________<br>
> Openstack-docs mailing list<br>
> <a href="mailto:Openstack-docs@lists.openstack.org">Openstack-docs@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-docs</a><br>
><br>
<span class=""><font color="#888888"><br>
<br>
--<br>
Andreas Jaeger aj@{<a href="http://suse.com" target="_blank">suse.com</a>,<a href="http://opensuse.org" target="_blank">opensuse.org</a>} Twitter/Identica: jaegerandi<br>
SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany<br>
GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg)<br>
GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126<br>
<br>
</font></span></blockquote></div><br></div></div>