27 Feb
2023
27 Feb
'23
5:16 p.m.
Hey all, A recent topic at Ironic meetings the last couple of weeks have been around vulnerability management. Ironic has not been using the OpenStack VMT traditionally; for reasons that AFAICT are lost to time. Is there any reason Ironic should not be vulnerability-managed? Is the security team willing to have us? The only potential complication is that Ironic may receive reports for vendor libraries used by Ironic but not maintained by Ironic -- I was hoping there might already be some historical precedent for how we handle those; it can't be that unique to Ironic. What do folks think? Thanks, Jay Faulkner Ironic PTL TC Member