[Openstack-security] OSSN Cadence

Nathan Kinder nkinder at redhat.com
Tue May 13 04:20:30 UTC 2014



On 05/12/2014 05:26 PM, Clark, Robert Graham wrote:
> Agreed but how do we get to that, I know when we were talking about starting the OSSN process Thierry envisioned publishing something in the order of one per week which I think would be attainable – certainly there are enough defects/issues to do this – thoughts?

Thus far, it seems like the majority of the OSSN bugs originate from
issues that the VMT evaluates and determines that they aren't worthy of
being an OSSA.  Instead of relying on this being the main source of
OSSNs, I think we need to look at the incoming 'SecurityImpact' bugs to
determine what qualifies as an issue worthy of a new OSSN.  We receive
notification of plenty of bugs with the 'SecurityImpact' tag set, so I
think we just need to be more diligent in looking at them to determine
if an OSSN would be useful.

-NGK

> 
> 
> 
> From: "Bryan D. Payne" <bryan at thepaynes.cc>
> Date: Mon, 12 May 2014 13:50:15 -0700
> To: Robert Clark <robert.clark at hp.com>
> Cc: "openstack-security at lists.openstack.org" <openstack-security at lists.openstack.org>
> Subject: Re: [Openstack-security] OSSN Cadence
> 
> 
> Step 1 ... We need more OSSN bugs filed with topic ideas.
> 
> -bryan
> 
> On May 12, 2014 2:13 PM, "Clark, Robert Graham" <robert.clark at hp.com> wrote:
> Nathan gave a great talk on OSSNs today, we went from 3 OSSNs in the last release to 10 in the current release.
> 
> I'd like to continue this upward trend in the next release, I think that the new processes in place have made contributing easier and greatly improved the quality of our OSSNs.
> 
> So, ideas and suggestions for ramping up OSSNs?
> 
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> 