[Openstack-security] Fixing errors in issued OSSNs

Nathan Kinder nkinder at redhat.com
Fri May 30 17:15:03 UTC 2014



On 05/30/2014 09:36 AM, Bryan D. Payne wrote:
> I vote for cutting OSSN-0013-1 and then, to the extent possible,
> ensuring that this new one replaces the old one in all of our
> publication locations.

+1.  This should replace the original published version everywhere.  The
only thing we can't do is strike the history from the mailing list
archive, but we can publish the new revision to the mailing lists.

To prevent this situation in the future, we need to test any workarounds
that we publish in an OSSN.  I added a brief section about testing to
the Process page after learning about the problems with OSSN-0013 yesterday:

  https://wiki.openstack.org/wiki/Security/Security_Note_Process#Testing

Anyone reviewing a pending OSSN should not hesitate to ask if a
workaround has actually been tested by the author.

I'm working on testing a new workaround for OSSN-0013.

Thanks,
-NGK

> 
> -bryan
> 
> 
> On Fri, May 30, 2014 at 9:11 AM, Clark, Robert Graham
> <robert.clark at hp.com> wrote:
> 
>     Mark Washenberger has pointed out a mistake in OSSN-0013, we should
>     fire whoever wrote that!
>     https://bugs.launchpad.net/ossn/+bug/1271426
> 
>     Anyway, we have a few options.
>     - Cut a completely new OSSN that supersedes 0013 and give it a normal
>       number and add a reference to the no longer valid 0013
>     - Cut a new OSSN with a number derived from 0013 such as OSSN-0013-1
> 
>     Followed up with what would basically be a revised announcement on
>     -dev and -security.
> 
>     Thoughts?
> 
> 
>     _______________________________________________
>     Openstack-security mailing list
>     Openstack-security at lists.openstack.org
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
> 



