Open Stack

We agreed to reach out to PTLs to understand their needs and offer help.
I volunteered to talk to Jim Blair (Infra) and Thierry (Release). Below
are their needs.

TL;DR: Infra appreciates more cloud resources to run CI tests. Release
appreciates security-minded people and engineers to take care of the
stable release. Does anybody have spare resources to share?

Infra

        OpenStack has long-since become too complicated for developers
        to effectively test in even the most common configurations on
        their own, so the CI process is very important for developers.
        
        The CI jobs visualized on http://status.openstack.org/zuul/
        require a lot of nova compute instances. 
        
        If you have some capacity on your public cloud that you could
        contribute
        to the project, it would be a big help.  This is what we would
        need:
        
         * Nova, Glance, and Neutron APIs
         * 8GB RAM, 8vCPU per node
         * Public IP addresses
         * IPv4 *and* IPv6 available for the VMs
         * nice to have: consistency in deployments, so that uploading
        an image to glance doesn't require an invention all the time
        
        Rackspace and HP are both donating around 600 instances each of
        the
        above types.  Since there's a bit of setup and maintenance
        involved in adding a new provider, a minimum of 100 instances
        would be helpful.
        
        Since we continuously use the OpenStack APIs and are familiar
        with how they should operate, we occasionally discover potential
        problems with Rackspace and HP's public clouds before many of
        their other users (or occasionally even ops teams).  In these
        cases, we work with contacts on their operations teams to let
        them know and try to help fix problems before they become an
        issue for their customers.

Release Cycle Management is 3 subgroups:

        Release management:
        No specific needs.
        
        Stable branch management:
        We can always use more people caring about stable branches in
        each
        project team. But apart from raising awareness that stable
        branch
        maintenance is important in developers working on projects, I'm
        not surethere is an immediate action here.
        
        Vulnerability management:
        We need more developers caring about security bugs in the
        various
        projects. We are witnessing an increase in vulnerability
        response time mostly because we don't have enough core
        developers in projects security teams, so bugs don't get
        confirmed, patches don't get produced or reviewed sufficiently
        fast. Nova for example has basically a single person actively
        engaging with the security team, and doesn't seem to have that
        much backup. So we need to raise awareness of existing
        developers on that problem, and have security-conscious
        developers volunteer to be part of the $PROJECT-coresec teams.