Open Stack

Bryan D. Payne wrote:
> I think it makes sense to assign the OSSN number as early as possible.
>   If they are published out of order... I'm not too worried about that.

Yeah, I think that would follow the CVE model as well.

rob

>
>
> On Mon, May 5, 2014 at 12:59 PM, Nathan Kinder <nkinder at redhat.com
> <mailto:nkinder at redhat.com>> wrote:
>
>
>
>     On 05/05/2014 12:39 PM, Bhandaru, Malini K wrote:
>      > We have two OSSN-0013s making their way!
>      > Need a better number reservation system. :-)
>
>     Let's let Rob take OSSN-0013, and the one you are working on can be
>     OSSN-0014.
>
>     If we want to reserve a number, we could grab it on the OSSN wiki page
>     ahead of time.  My concern with this is that  someone could grab a
>     number to start writing a security note, then disappear for some time
>     (or the issue takes a lot of back and forth to get through review).  In
>     the meantime, other notes might be written and published.  This will
>     result in the numbers being out of sequence.  It's not the end of the
>     world, but it is a bit confusing.  This isn't a theoretical situation
>     either, as OSSN-0010 was published after OSSN-0011 and OSSN-0012:
>
>     https://wiki.openstack.org/wiki/Security_Notes
>
>     The alternative is that we assign the number at publishing time.  This
>     requires more diligence at patch approval time to ensure that we don't
>     duplicate a number and might require patch rework to renumber things
>     (which is what we're going through right now).
>
>     What preferences do others have on this?
>
>     Thanks,
>     -NGK
>
>      > Malini
>      >
>      > -----Original Message-----
>      > From: Clark, Robert Graham [mailto:robert.clark at hp.com
>     <mailto:robert.clark at hp.com>]
>      > Sent: Friday, May 02, 2014 1:51 AM
>      > To: openstack-security at lists.openstack.org
>     <mailto:openstack-security at lists.openstack.org>
>      > Subject: [Openstack-security] OSSN-0013 ready for review
>      >
>      > https://review.openstack.org/#/c/91755/
>      >
>      > _______________________________________________
>      > Openstack-security mailing list
>      > Openstack-security at lists.openstack.org
>     <mailto:Openstack-security at lists.openstack.org>
>      >
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>      >
>      > _______________________________________________
>      > Openstack-security mailing list
>      > Openstack-security at lists.openstack.org
>     <mailto:Openstack-security at lists.openstack.org>
>      >
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>      >
>
>     _______________________________________________
>     Openstack-security mailing list
>     Openstack-security at lists.openstack.org
>     <mailto:Openstack-security at lists.openstack.org>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>