Proposed changes to the new Nova Blueprint template is happening directly in Gerrit against the actual template: https://github.com/openstack/nova-specs/blob/master/specs/template.rst You may find several proposed changes in here: https://review.openstack.org/#/q/nova-specs,n,z Probably we could directly submit a proposal for a new "Security impact" section (as it fits with current template); including a short explanation and providing some links such as the Security guidelines provided below. Regards. Cristian. From: bdpayne at gmail.com [mailto:bdpayne at gmail.com] On Behalf Of Bryan D. Payne Sent: Thursday, March 27, 2014 12:33 PM To: Fiorentino, Cristian Cc: openstack-security at lists.openstack.org Subject: Re: [Openstack-security] Security Analysis for new Blueprints I was also bringing this up now because the new Nova template is still being modified and under review; so it could be a good timing for proposing something there and probably to be ready for Juno. But if there is a related approach work in progress, probably then there is the need to grow the template in the future. I still think it would be valuable to get something about security review / security impact / etc into the first template. Where is this review process happening? I'd be happy to chime in over there. If you may point me to any related effort, I would be happy to offer some help here. This is the current work in progress that I referenced: https://wiki.openstack.org/wiki/Security/Guidelines -bryan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140327/cbd21fa3/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6708 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140327/cbd21fa3/attachment.bin>