[Openstack-security] Security Note (OSSN) Process

Thierry Carrez thierry at openstack.org
Fri Jan 17 08:22:55 UTC 2014


Nathan Kinder wrote:
> I have started to put together a wiki page skeleton outlining the
> process to follow when writing a new Security Note (OSSN).  I think it's
> far enough along to share.  Any feedback and suggestions would be
> appreciated!  The new page is available here:
> 
>     https://wiki.openstack.org/wiki/Security/Security_Note_Process

As someone suggested during the meeting yesterday, OSSNs could live in a
git repository and in the future get autopublished under
www.openstack.org (the same way we plan to have the governance documents
autopublished).

An immediate benefit of using a repository is that you could use Gerrit
to comment, approve and iterate on OSSN drafts, which is so much better
than using emails and Launchpad bugs. With OSSNs as "living knowledge
base documents" this also lets you propose new versions and corrections
easily.

FWIW even if OSSAs are one-time notifications, we plan to also use
repositories/Gerrit, purely to get decent draft review tooling. But we
need to support private reviews in Gerrit first...

Regards,

-- 
Thierry Carrez (ttx)



