[Openstack-security] Fwd: [openstack-dev] [Nova] Security vulnerability contacts

Sriram Subramanian sriram at sriramhere.com
Tue Nov 19 06:00:05 UTC 2013


Dear OSSG,

I am seeing some kind of duplication of efforts here, or did I miss
something? My understanding was, we were also looking for people with
strong project expertise to be security reviewers. This call for volunteers
appears to be the same. What am I missing here?

thanks,
-Sriram

---------- Forwarded message ----------
From: Jeremy Stanley <fungi at yuggoth.org>
Date: Mon, Nov 18, 2013 at 12:20 PM
Subject: Re: [openstack-dev] [Nova] Security vulnerability contacts
To: openstack-dev at lists.openstack.org


On 2013-11-18 11:27:28 -0800 (-0800), Sriram Subramanian wrote:
> Thanks for the initiative. We at the OpenStack Security Group are
> doing a large part of these tasks now and are looking for more help
> (particularly around reviews from people that are intimate with the
> project internals). Here are some pointers on how to get involved.
> You probably are inviting more volunteers for OSSG, I am just
> trying to make it clearer. If not, we need to work to make sure
> the efforts are aligned and not duplicated.

As I understood his initial E-mail, he's looking for experienced
Nova core reviewers with some background in security so that the
vulnerability management team can use them as an initial point of
contact to help develop, backport or review proposed fixes for
embargoed security vulnerabilities prior to their announcement.

Note that this is not something we're (VMT hat on) only seeking from
Nova. All the official OpenStack projects which receive security
support are strongly encouraged to groom core security
developers/reviewers so that we can have some redundancy and
additional bandwidth on those sorts of interactions (rather than now
where we usually just contact the PTL and hope he/she is around). As
discussed at the summit, we're going to work on putting together a
more detailed prerequisites list for determining whether a given
project is under security support.

    https://etherpad.openstack.org/p/IcehouseVMT
--
Jeremy Stanley




-- 
Thanks,
-Sriram