[Openstack-security] Openstack Threat modelling - Common Repository
Nathan Kinder
nkinder at redhat.com
Fri Apr 11 16:23:41 UTC 2014
On 04/11/2014 01:13 AM, Abu Shohel Ahmed wrote:
> Hi,
>
> Yesterday’s OSSG meeting, we are discussing about Threat Modelling
> process and more specifically gating and publishing process.
> Currently, the work is hosted in the Security Wiki page:
>
> https://wiki.openstack.org/wiki/Security/Threat_Analysis
>
> and some of the contents are in
> https://github.com/shohel02/OpenStack_Threat_Modelling.git
>
> Now, that more people are getting interested and there is a need to have
> engagement and dissemination strategy.
> We are thinking of some common GIT repo with Gerit control, similar to
> OSSN currently has. Another aspect is,
> can it be part of the documentation project? We think it is well fitted
> in that category. What do you guys think ?
Hi Shohel,
I brought some of this up on our IRC meeting yesterday, but I'll repeat
it here for a wider audience.
We need to determine how the threat modeling documents will be
disseminated. It's clearly documentation, so it would fall under the
Documentation program IMHO. What is the ultimate form that these
documents will take? Would it be a "Threat Modeling" manual, or perhaps
a series of white papers (one per project)?
The files in the existing repo are really built documents, not source.
For example, you can't easily review a diff of changes to the pdf that
is checked into the existing repo. If we want these to be published
along with the rest of the OpenStack documentation, we need to follow
the conventions already used. This means using Docbook (or possibly
RST) for the documentation source. We should move away from pdf and xls
files in the repo. The normal documentation build tools can produce
html and pdfs.
I think the format conversion needs to take place as a pre-requisite to
creating an official repo.
Thanks,
-NGK
>
> Thanks,
> Shohel
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
More information about the Openstack-security
mailing list