[Openstack-security] Fwd: Adding 'SecurityImpact' tag to OpenStack Blue prints

Adam Young ayoung at redhat.com
Fri Aug 30 14:32:49 UTC 2013


On 08/30/2013 10:22 AM, Russell Bryant wrote:
> On 08/30/2013 10:10 AM, Adam Young wrote:
>> On 08/22/2013 05:00 PM, Sriram Subramanian wrote:
>>> Followup from today's meeting
>>>
>>> 1) Appears that there is not an easy way as of now to add a tag to
>>> blueprints.
>> Each Blueprint should have a bug.  If it is a new feature, it should be
>> a Wishlist bug.  Tag the bug.
> That's certainly not true of every project.  I wouldn't want to start
> doing it for nova, either.  It seems like completely unnecessary
> duplication.
>
The distinction we are making on Keystone is that the Bug describes the 
problem, and the Blueprint describes a solution.  It allows vetting  
competing solutions for the same issue at design time.

Since the current BP mechanism doesn't support direct Sec Impact 
tagging, any BP that you want to have Sec Impact gets linked to a bug 
that does have Security Impact flagged on it.  You can open the bugs 
after the fact.  The bugs can be simplistic in their description of the 
problem.




