<div dir="ltr">I think it makes sense to assign the OSSN number as early as possible. If they are published out of order... I'm not too worried about that.</div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Mon, May 5, 2014 at 12:59 PM, Nathan Kinder <span dir="ltr"><<a href="mailto:nkinder@redhat.com" target="_blank">nkinder@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class=""><br>
<br>
On 05/05/2014 12:39 PM, Bhandaru, Malini K wrote:<br>
> We have two OSSN-0013s making their way!<br>
> Need a better number reservation system. :-)<br>
<br>
</div>Let's let Rob take OSSN-0013, and the one you are working on can be<br>
OSSN-0014.<br>
<br>
If we want to reserve a number, we could grab it on the OSSN wiki page<br>
ahead of time. My concern with this is that someone could grab a<br>
number to start writing a security note, then disappear for some time<br>
(or the issue takes a lot of back and forth to get through review). In<br>
the meantime, other notes might be written and published. This will<br>
result in the numbers being out of sequence. It's not the end of the<br>
world, but it is a bit confusing. This isn't a theoretical situation<br>
either, as OSSN-0010 was published after OSSN-0011 and OSSN-0012:<br>
<br>
<a href="https://wiki.openstack.org/wiki/Security_Notes" target="_blank">https://wiki.openstack.org/wiki/Security_Notes</a><br>
<br>
The alternative is that we assign the number at publishing time. This<br>
requires more diligence at patch approval time to ensure that we don't<br>
duplicate a number and might require patch rework to renumber things<br>
(which is what we're going through right now).<br>
<br>
What preferences do others have on this?<br>
<br>
Thanks,<br>
-NGK<br>
<div class="HOEnZb"><div class="h5"><br>
> Malini<br>
><br>
> -----Original Message-----<br>
> From: Clark, Robert Graham [mailto:<a href="mailto:robert.clark@hp.com">robert.clark@hp.com</a>]<br>
> Sent: Friday, May 02, 2014 1:51 AM<br>
> To: <a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a><br>
> Subject: [Openstack-security] OSSN-0013 ready for review<br>
><br>
> <a href="https://review.openstack.org/#/c/91755/" target="_blank">https://review.openstack.org/#/c/91755/</a><br>
><br>
> _______________________________________________<br>
> Openstack-security mailing list<br>
> <a href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
><br>
> _______________________________________________<br>
> Openstack-security mailing list<br>
> <a href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
><br>
<br>
_______________________________________________<br>
Openstack-security mailing list<br>
<a href="mailto:Openstack-security@lists.openstack.org">Openstack-security@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
</div></div></blockquote></div><br></div>